Kid@sh.itjust.worksM to Cybersecurity@sh.itjust.worksEnglish · 2 months agoTrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIOthehackernews.comexternal-linkmessage-square5linkfedilinkarrow-up141arrow-down10
arrow-up141arrow-down1external-linkTrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIOthehackernews.comKid@sh.itjust.worksM to Cybersecurity@sh.itjust.worksEnglish · 2 months agomessage-square5linkfedilink
minus-squarecinoreus@lemmy.worldlinkfedilinkEnglisharrow-up6·2 months agoNPM is literally a malware at this point
minus-squareBluescluestoothpaste@sh.itjust.workslinkfedilinkEnglisharrow-up2·2 months agoWait like for real? Im noob but i thought npm is like the standard package manager?
minus-squareplacebo@lemmy.ziplinkfedilinkEnglisharrow-up5·2 months ago Wait like for real? No. But it’s a huge platform with a lot of users and no oversight whatsoever.
minus-squarePumaStoleMyBluff@lemmy.worldlinkfedilinkEnglisharrow-up3·2 months agoWhile it’s not literally malware, it should be treated like a random upload host like mega.nz or whatever
NPM is literally a malware at this point
Wait like for real? Im noob but i thought npm is like the standard package manager?
No. But it’s a huge platform with a lot of users and no oversight whatsoever.
While it’s not literally malware, it should be treated like a random upload host like mega.nz or whatever