Popular npm library 'coa' was hijacked today with malicious code injected into it, ephemerally impacting React pipelines around the world. The 'coa' library, short for Command-Option-Argument, receives about 9 million weekly downloads on npm, and is used by almost 5 million open source repositories on GitHub.
  • @AgreeableLandscape
    43 years ago

    edit: i’m surprised none of these ci servers use VMs with hackintosh, probably would save them a lot in hardware costs 🤷‍♀️

    A large company doing that with their servers is probably a lot more likely to get sued.

    • @k_o_t
      43 years ago

      heh, afer searching a little bit about it, turns out it is actually a realtively big sector 🤷‍♀️