Dozens of Red Hat packages backdoored through its official NPM channel
arstechnica.com
schnurrito@discuss.tchncs.de to Cybersecurity@sh.itjust.works · English · 7 days ago

Fizz@lemmy.nz · 7 days ago
I’m not familiar with npm but why is this always NPM? Is it a specific issue they have?

hirihit640@sh.itjust.works · 6 days ago
Because it’s the biggest. Just like how hackers target Windows and not Linux (assuming they are targeting users and not servers).

BoofStroke@sh.itjust.works · 7 days ago
It’s a “package manager” that has zero integrity checks built in. Web devs also love it. Nice combination.

Culture problem imo.