No, but that's not entirely the fault of Nix as it has to rely on an element of good faith with externally managed artifacts.
But it sure is an improvement on pretty much any other package manager, or build pipeline - even if existing solutions were to use a frozen repository as the source of truth.
Packages in the nixpkgs repository also have metadata that includes whether there are any security vulnerabilities to consider.