Reply to notarization needs for build pipeline
I'm not sure why you latched onto malware. I didn't say that I had a concern with my company's scanning or other network security policies. I said that notarization also scans for malware. And I said that ingesting any 3rd party library could cause your package to be un-notarizable for one of 6 different reasons. How exactly would you test an open source 3rd party component like Electron for code-signing, or that it meets minimum SDK requirements, or is hardened? Did you write code for your build pipeline that does that before you upgraded to the latest version?

My point is that Apple has done that. They've built the tooling that does exactly that; except that I don't want to notarize a 3rd party; my security team says using my company's credentials for signing their code is muy no bueno.

Apple has conflated the testing of an app to meet notarization requirements with the actual notarization. If you give a release requirement, great, I want to meet that requirement, but give me a way to test for that requirement before I release.
Feb ’20
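One way to test the signing-related notarization requirements in a build pipeline before anything is submitted, as an added example that is not part of the original post or of Apple's tooling: a POSIX shell gate that reads `codesign -dvv --verbose=4` output and checks for a Developer ID Application certificate in the chain, the hardened-runtime flag, and a secure timestamp. The sample codesign output, team ID, bundle identifier and paths below are constructed. `codesign` only exists on macOS, so the parser is separated from the invocation and can be exercised on captured output anywhere; the minimum-SDK check is not covered here and needs a separate tool.

```shell
#!/bin/sh
# Added example (not from the original post): a pre-release gate for three
# notarization prerequisites that can be read from codesign's own output.

# check_codesign_output: reads `codesign -dvv --verbose=4` output on stdin,
# prints one FAIL line per unmet requirement, returns 0 only if all pass.
check_codesign_output() {
    out=$(cat)
    rc=0
    # 1. Signed with a Developer ID Application certificate
    case "$out" in
        *"Authority=Developer ID Application"*) ;;
        *) echo "FAIL: not signed with a Developer ID Application certificate"; rc=1 ;;
    esac
    # 2. Hardened runtime enabled (shows up as "runtime" in the CodeDirectory flags)
    case "$out" in
        *"flags="*"runtime"*) ;;
        *) echo "FAIL: hardened runtime not enabled (no runtime flag)"; rc=1 ;;
    esac
    # 3. Secure timestamp present (signed with --timestamp)
    case "$out" in
        *"Timestamp="*) ;;
        *) echo "FAIL: no secure timestamp on the signature"; rc=1 ;;
    esac
    return $rc
}

# check_binary: run the gate against a real bundle or binary (macOS only;
# codesign prints its report on stderr, hence 2>&1).
check_binary() {
    codesign -dvv --verbose=4 "$1" 2>&1 | check_codesign_output
}

# Constructed sample output for a signature that meets all three requirements.
# Team ID, identifier and path are made up.
SAMPLE_GOOD='Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Format=app bundle with Mach-O thin (arm64)
CodeDirectory v=20500 size=1234 flags=0x10000(runtime) hashes=30+7 location=embedded
Timestamp=Jan 1, 2020 at 12:00:00 PM
Authority=Developer ID Application: Example Corp (TEAMID0000)
Authority=Developer ID Certification Authority
Authority=Apple Root CA'

# Constructed sample for an ad-hoc development signature: wrong certificate,
# no hardened runtime, no timestamp.
SAMPLE_BAD='Executable=/Users/dev/build/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Format=app bundle with Mach-O thin (arm64)
CodeDirectory v=20400 size=1234 flags=0x0(none) hashes=30+7 location=embedded
Authority=Apple Development: dev@example.com (ABCDEF1234)
Authority=Apple Worldwide Developer Relations Certification Authority
Authority=Apple Root CA'

# Usage: check_binary /path/to/Example.app   (exit status 0 = gate passed)
```

In a pipeline the gate belongs right after the signing step, so a dependency that was pulled in unsigned, without the hardened runtime, or signed without a timestamp fails the build locally instead of failing notarization later.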