schnurrito@discuss.tchncs.de to Cybersecurity@sh.itjust.worksEnglish · 1 month agoDozens of Red Hat packages backdoored through its official NPM channelarstechnica.comexternal-linkmessage-square19linkfedilinkarrow-up1105arrow-down12cross-posted to: cybersecurity@infosec.pubpulse_of_truth@infosec.pub
arrow-up1103arrow-down1external-linkDozens of Red Hat packages backdoored through its official NPM channelarstechnica.comschnurrito@discuss.tchncs.de to Cybersecurity@sh.itjust.worksEnglish · 1 month agomessage-square19linkfedilinkcross-posted to: cybersecurity@infosec.pubpulse_of_truth@infosec.pub
minus-squareFizz@lemmy.nzlinkfedilinkEnglisharrow-up6arrow-down2·1 month agoI’m not familiar with npm but why is this always NPM? Is it a specific issue they have?
minus-squareBoofStroke@sh.itjust.workslinkfedilinkEnglisharrow-up27·1 month agoIt’s a “package manager” that has zero integrity checks built in. Web devs also love it. Nice combination.
minus-squarehirihit640@sh.itjust.workslinkfedilinkEnglisharrow-up2arrow-down1·1 month agobecause it’s the biggest. Just like how hackers target windows and not linux (assuming they are targeting users and not servers).
I’m not familiar with npm but why is this always NPM? Is it a specific issue they have?
It’s a “package manager” that has zero integrity checks built in. Web devs also love it. Nice combination.
Culture problem imo.
because it’s the biggest. Just like how hackers target windows and not linux (assuming they are targeting users and not servers).