Summary & Key Takeaways ​

• Simon Willison writes about the recent LiteLLM supply chain attack.
• He suggests idea of dependency cooldown as a resolution for such attacks.
• It seems that most js package managers already support cooldown settings.

Our Commentary ​

The recent attacks highlight the importance of enabling dependency cooldown settings. For the security of your projects, make sure to configure these safeguards in your package manager!