TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO (thehackernews.com)
Posted by Kid@sh.itjust.works to Cybersecurity@sh.itjust.works · English · 11 days ago · 5 comments

Bluescluestoothpaste@sh.itjust.works · 10 days ago
Wait like for real? I'm noob but I thought npm is like the standard package manager?

placebo@lemmy.zip · 10 days ago
> Wait like for real?
No. But it’s a huge platform with a lot of users and no oversight whatsoever.

PumaStoleMyBluff@lemmy.world · 10 days ago
While it’s not literally malware, it should be treated like a random upload host like mega.nz or whatever