Open source doesn't automatically mean safe. Doesn't guarantee that the downloaded/published binaries are free from injected code, for example. If it's unsafe, it would be cleverly disguised. An auditor would just have to be more clever.
Dont forget this is a company that has to obey the political and military interests of the CCP.
The question one would probably want to ask is if you want to run a Rust from a cn company on your local machine. Unless you trust your infra better than the NPM registry one. I don't trust either of them.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Has ByteDance any plans to spy thru it?
Did you missed the word Open Source ?
Open source doesn't automatically mean safe. Doesn't guarantee that the downloaded/published binaries are free from injected code, for example. If it's unsafe, it would be cleverly disguised. An auditor would just have to be more clever.
Dont forget this is a company that has to obey the political and military interests of the CCP.
The question one would probably want to ask is if you want to run a Rust from a cn company on your local machine. Unless you trust your infra better than the NPM registry one. I don't trust either of them.