mox@lemmy.sdf.org to Programming@programming.dev · 2 days ago
Hundreds of code libraries posted to NPM try to install malware on dev machines (arstechnica.com)
Cross-posted to: pulse_of_truth@infosec.pub, technology@lemmy.world, cybersecurity@sh.itjust.works, arstechnica_index@rss.ponder.cat
Flipper@feddit.org · 1 day ago
Let's see how long it will take till Rust has the same problems.
wkk@lemmy.world · 1 day ago
Python with PyPI, C# with NuGet, Docker with Docker Hub, Java with Maven Central, hell even just regular Linux packages from dodgy repositories… Supply chain attacks concern almost everything everyone everywhere.
mox@lemmy.sdf.org (OP) · 21 hours ago
This is one of the more important reasons to minimize dependencies and be very picky about the ones we adopt.