jomo

An NPM package with 2,000,000 weekly downloads had malicious code injected into it. No one knows what the malicious code does yet.

(via 🐦gerybernhardt)

github.com/dominictarr/event-s

1+
Jim
Follow

@jomo I suspect there's plenty of these areound. Didn't Python have something similar a while back?

I think packaging and even containerisation make auditing harder.

· · Web · 1 · 0 · 0
Sign in to participate in the conversation
Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!

Resources

Developers

What is Mastodon?

sully.site

More…