Attacks on software repositories happen all the time, and any future WebAssembly repository and client tooling should be prepared to mitigate these attacks. In this article we will explore a minimum security model for WebAssembly registries and client tooling based on The Update Framework, and how to integrate this model when distributing WebAssembly modules using OCI registries.
