An NPM package with 2,000,000 weekly downloads had malicious code injected into it. No one knows what the malicious code does yet.
(via 🐦gerybernhardt)
https://github.com/dominictarr/event-stream/issues/116
@jomo I suspect there's plenty of these around. Didn't Python have something similar a while back?
I think packaging and even containerisation make auditing harder.