cyrano@piefed.social to Technology@lemmy.worldEnglish · 3 hours agoShai-Hulud Returns: Over 300 NPM Packages Infectedhelixguard.aiexternal-linkmessage-square7fedilinkarrow-up133arrow-down13file-text
arrow-up130arrow-down1external-linkShai-Hulud Returns: Over 300 NPM Packages Infectedhelixguard.aicyrano@piefed.social to Technology@lemmy.worldEnglish · 3 hours agomessage-square7fedilinkfile-text
minus-squareInternetCitizen2@lemmy.worldlinkfedilinkEnglisharrow-up8·2 hours agoReal question? Is it really isolated to npm or is there a few lessons others could take and discover their own vulnerabilities?
minus-squareEldritch@piefed.worldlinkfedilinkEnglisharrow-up3·55 minutes agoArch checking in. It may happen less. But it still does.
minus-squareorclev@lemmy.worldlinkfedilinkEnglisharrow-up1·18 minutes agoTo be fair to Arch, the AUR was always advertised as a caveat emptor type thing. It never really claimed to be secure in the first place.
Real question? Is it really isolated to npm or is there a few lessons others could take and discover their own vulnerabilities?
It happens in python pip too.
Arch checking in. It may happen less. But it still does.
To be fair to Arch, the AUR was always advertised as a caveat emptor type thing. It never really claimed to be secure in the first place.