Shai-Hulud Returns: Over 300 NPM Packages Infected (helixguard.ai)
Posted by cyrano@piefed.social to Technology@lemmy.world · 3 hours ago
earthworm@sh.itjust.works · 1 hour ago
“No Way To Prevent This” Says Only Package Manager Where This Regularly Happens*
* This is a joke about gun violence.

InternetCitizen2@lemmy.world · 2 hours ago
Real question? Is it really isolated to npm or are there a few lessons others could take and discover their own vulnerabilities?

Eldritch@piefed.world · 55 minutes ago
Arch checking in. It may happen less. But it still does.

orclev@lemmy.world · 18 minutes ago
To be fair to Arch, the AUR was always advertised as a caveat emptor type thing. It never really claimed to be secure in the first place.
It happens in python pip too.