Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Why would the test dependencies have access to production secrets? They only get installed while developing


They still get run on a developer’s machine most of the time and are at least installed there where they can run arbitrary code on install. And there are juicy secrets beyond just production server secrets sitting on your laptop.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: