FYI there is a massive cyberattack on NPM right now, package developers being attacked, nasty commits being added and published, tokens being stolen and used to corrupt more packages. The ecosystem is currently widely corrupted. We just got an advisory from the NZ government about it.
What is NPM?
Node Package Manager. Where most people get their JavaScript libraries.
NPM?
This seems to be the move forward https://github.blog/security/supply-chain-security/our-plan-for-a-more-secure-npm-supply-chain/
Just? Isn't this something that was happening weeks ago already?
Yes
A large number of the commits over the past five years contain JavaScript which is immediately suspect.
Like most people, I have my issues with NPM. But this is a big problem for any platform that hosts large amounts of code. You can't verify that much code for vulnerabilities. Fdroid is probably the most successful at any sort of scale.
Wallets using npm were hacked via npm malware on many occasions before. I am not aware of the deep details, but this is one loophole.
GitHub verifying the PGP identity and signature is a must as well.
If you deploy or develop, you will know: `npm i`, `npm run`.
I suppose they are a few days late.
Yeah, this is kinda old. Like me. Old and slow
Yes forgive me.
I don't think you are 65+ years old to say you are old 🤙
That's the only exciting thing in the office the whole year.
They got in it quick because it feels cool to investigate things going wrong and stuff.
Building new random functionality for the government must be boring as hell.
It's a great procrastination device:
" Boss, I can't do that high priority thing because supply chain attack"
I got an investment proposal for you, HMU RN for more details and see if you'd like to give it a shot.💯
How about you go fuck yourself, scammer