SSH keys stolen by stream of malicious PyPI and npm packages (www.bleepingcomputer.com)
Posted by Mac@programming.dev to Programming@programming.dev · 1 year ago · 10 comments
Cross-posted to: linux_lugcast@lemux.minnix.dev, hackernews@derp.foo

MrWiggles@prime8s.xyz · 1 year ago
And this is why you password protect your ssh keys

platypus_plumba@lemmy.world · 1 year ago
It’s honestly crazy that tools like npm don’t force you to encrypt the tokens for the npm repos. They don’t even support it. Any stupid read_file() with http.post() can screw 1000 people.