Hundreds of code libraries posted to NPM try to install malware on dev machines (arstechnica.com)
btaf45@lemmy.world to Technology@lemmy.world · 2 months ago
LavenderDay3544@lemmy.world · 2 months ago
I really think every package repository should be opt-in and every publisher should be required to verify their identity, along with checksum verification for the downloaded files.