Thread - Nostr Hypermedia

NotBiebs and 69 others _@nostrstuff.com 5 months ago

Scammers really want your bitcoin. Be careful when sending onchain txs from a web wallet or any wallet made with JavaScript.

Anatomy of a Billion-Download NPM Supply-Chain Attack

A massive NPM supply chain attack has compromised foundational packages like Chalk, affecting over 1 billion weekly downloads. We dissect the crypt...

Replies (4)

Arándano 5 months ago

Hardware Airgapp signer always!!

moonsettler moonsettler@iris.to 5 months ago

wallets that don't properly version pin are displaying criminal negligence.

NotBiebs and 69 others _@nostrstuff.com 5 months ago

TFW when prolific open source devs get phished

npm debug and chalk packages compromised

Xtr3m3hodl xtr3m3@nsec.app 5 months ago

We are probably arriving at the point where third party dependencies would need to be hosted locally with running code to limit messes like this. Supply chain attacks are the worst