Comment on NPM Package With 56K Downloads Caught Stealing WhatsApp Messages
magic_lobster_party@fedia.io 10 hours ago
it's the kind of dependency developers install without a second thought
I got a feeling this is an attack vector that will continue to grow, as now there’s vibe coding frameworks installing random dependencies without a thought at all.
corsicanguppy@lemmy.ca 8 hours ago
There’s twonthings at play, here:
Both are absolutely the fault of the user.