Shai-Hulud Returns: Over 300 NPM Packages Infected (helixguard.ai)
cyrano@piefed.social to Technology@lemmy.world · English · 1 day ago · 14 comments
fubarx@lemmy.world · English · 7 hours ago
That is pretty evil.
Without signing attestation (both developer and code) there will be no way to find out who was responsible and stop the propagation. This will happen again.
Edit: there have been attempts like https://docs.npmjs.com/trusted-publishers, but that hasn’t fixed the problem.