Comment on Shai-Hulud Returns: Over 300 NPM Packages Infected
SnoringEarthworm@sh.itjust.works 1 month ago
No Way To Prevent This" Says Only Package Manager Where This Regularly Happens
Comment on Shai-Hulud Returns: Over 300 NPM Packages Infected
SnoringEarthworm@sh.itjust.works 1 month ago
No Way To Prevent This" Says Only Package Manager Where This Regularly Happens
InternetCitizen2@lemmy.world 1 month ago
Real question? Is it really isolated to npm or is there a few lessons others could take and discover their own vulnerabilities?
frongt@lemmy.zip 1 month ago
It happens in python pip too.
Eldritch@piefed.world 1 month ago
Arch checking in. It may happen less. But it still does.
orclev@lemmy.world 1 month ago
To be fair to Arch, the AUR was always advertised as a caveat emptor type thing. It never really claimed to be secure in the first place.
nyan@lemmy.cafe 1 month ago
Python and Ruby have both had various repo issues too.
I’ve never heard of anything similar with Perl, but that may partly be because applications for new developers who want to join CPAN still appear to be processed by humans, with up to a couple of weeks lag. The time inefficiency plus the language being less popular probably makes it an unattractive target.