cyrano@piefed.social to Technology@lemmy.worldEnglish · 4 months agoShai-Hulud Returns: Over 300 NPM Packages Infectedhelixguard.aiexternal-linkmessage-square9linkfedilinkarrow-up151arrow-down13file-text
arrow-up148arrow-down1external-linkShai-Hulud Returns: Over 300 NPM Packages Infectedhelixguard.aicyrano@piefed.social to Technology@lemmy.worldEnglish · 4 months agomessage-square9linkfedilinkfile-text
minus-squareInternetCitizen2@lemmy.worldlinkfedilinkEnglisharrow-up10·4 months agoReal question? Is it really isolated to npm or is there a few lessons others could take and discover their own vulnerabilities?
minus-squareEldritch@piefed.worldlinkfedilinkEnglisharrow-up3·4 months agoArch checking in. It may happen less. But it still does.
minus-squareorclev@lemmy.worldlinkfedilinkEnglisharrow-up2·4 months agoTo be fair to Arch, the AUR was always advertised as a caveat emptor type thing. It never really claimed to be secure in the first place.
Real question? Is it really isolated to npm or is there a few lessons others could take and discover their own vulnerabilities?
It happens in python pip too.
Arch checking in. It may happen less. But it still does.
To be fair to Arch, the AUR was always advertised as a caveat emptor type thing. It never really claimed to be secure in the first place.