mox to [email protected] • 20 hours ago

Hundreds of code libraries posted to NPM try to install malware on dev machines (arstechnica.com)

Cross-posted to: [email protected], [email protected], technology, [email protected], [email protected]
wkk • 5 hours ago

Python with PyPI, C# with NuGet, Docker with Docker Hub, Java with Maven Central, hell even just regular Linux packages from dodgy repositories… Supply chain attacks concern almost everything everyone everywhere.

mox (OP) • 1 hour ago

This is one of the more important reasons to minimize dependencies and be very picky about the ones we adopt.