Dozens of Red Hat packages backdoored through its official NPM channel (arstechnica.com)
Posted by schnurrito@discuss.tchncs.de to Cybersecurity@sh.itjust.works · English · 3 days ago · 19 comments
Fizz@lemmy.nz (3 days ago):
I’m not familiar with npm but why is this always NPM? Is it a specific issue they have?
BoofStroke@sh.itjust.works (3 days ago):
It’s a “package manager” that has zero integrity checks built in. Web devs also love it. Nice combination.
hirihit640@sh.itjust.works (2 days ago):
Because it’s the biggest. Just like how hackers target Windows and not Linux (assuming they are targeting users and not servers).
Culture problem imo.