cm0002@lemy.lol to Linux@programming.dev · 2 days agoArch Linux AUR Malware Campaign Hits Multiple User-Contributed Packageslinuxiac.comexternal-linkmessage-square71linkfedilinkarrow-up1237arrow-down11cross-posted to: [email protected][email protected]
arrow-up1236arrow-down1external-linkArch Linux AUR Malware Campaign Hits Multiple User-Contributed Packageslinuxiac.comcm0002@lemy.lol to Linux@programming.dev · 2 days agomessage-square71linkfedilinkcross-posted to: [email protected][email protected]
minus-squarekboy101222@sh.itjust.workslinkfedilinkEnglisharrow-up51arrow-down1·2 days agoGod, even the Arch malware uses npm as a vector. And thus, my hatred of npm deepens even further
minus-squareugjka@lemmy.ugjka.netlinkfedilinkEnglisharrow-up9·2 days agoTbf, it is run in package post install section so it could be anything even the typical “curl malware.om | bash”. There is a new wave of attacks now pulling things in with Bun which i guess is similar thing to NPM
minus-squarekboy101222@sh.itjust.workslinkfedilinkEnglisharrow-up13·2 days agoI’m just a web guy whose tired of installing 10 xetabytes of 2 line libraries every time I wanna check out anything web related
God, even the Arch malware uses npm as a vector. And thus, my hatred of npm deepens even further
Tbf, it is run in package post install section so it could be anything even the typical “curl malware.om | bash”. There is a new wave of attacks now pulling things in with Bun which i guess is similar thing to NPM
I’m just a web guy whose tired of installing 10 xetabytes of 2 line libraries every time I wanna check out anything web related