
Bug: packages are disappearing from the official npm repo.
Fact: anybody can create a package in the official npm repo.
So, I believe that if a very important package disappeared for a few hours, then it would have been very easy to take control of any Node.js server that runs software that depends on the original, lost package.

Npm is not so secure, right?

github.com/npm/registry/issues
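The defensive counterpart to the scenario in the post above is the integrity data npm records in package-lock.json: each installed package carries a `resolved` URL and an SRI `integrity` hash, and a tarball that does not match the hash is rejected at install time, so a republished package under the same name and version cannot be substituted silently. The script below is an added example, not code from the thread or from npm; it audits a constructed lockfile (the `packages` layout of lockfileVersion 2/3) for entries that lack integrity data or resolve outside the expected registry, and shows how the SRI check itself is computed. The package names, URLs and hash values in `SAMPLE_LOCK` are made up for the example.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample lockfile in npm's lockfileVersion 2/3 layout.
# Names, URLs and integrity strings are invented for this example.
SAMPLE_LOCK = json.loads("""
{
  "name": "example-app",
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "example-app", "version": "1.0.0"},
    "node_modules/left-pad": {
      "version": "1.3.0",
      "resolved": "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz",
      "integrity": "sha512-CONSTRUCTEDHASHVALUE=="
    },
    "node_modules/some-util": {
      "version": "2.0.0",
      "resolved": "https://registry.npmjs.org/some-util/-/some-util-2.0.0.tgz"
    },
    "node_modules/mirror-pkg": {
      "version": "0.1.0",
      "resolved": "https://mirror.example.invalid/mirror-pkg-0.1.0.tgz",
      "integrity": "sha1-CONSTRUCTEDHASHVALUE="
    }
  }
}
""")

TRUSTED_REGISTRY = "https://registry.npmjs.org/"


def sri_sha512(data: bytes) -> str:
    """Compute the Subresource Integrity string npm stores for a tarball."""
    return "sha512-" + base64.b64encode(hashlib.sha512(data).digest()).decode()


def verify_tarball(data: bytes, integrity: str) -> bool:
    """Return True only if the tarball bytes match the recorded SRI hash.

    This is the check that stops a republished tarball of the same
    name/version from being installed: different bytes, different digest.
    """
    algo, _, expected = integrity.partition("-")
    if algo not in ("sha256", "sha384", "sha512") or not expected:
        return False
    actual = base64.b64encode(hashlib.new(algo, data).digest()).decode()
    return hmac.compare_digest(actual, expected)


def audit_lockfile(lock: dict, trusted_registry: str = TRUSTED_REGISTRY) -> list:
    """Flag lockfile entries that would not protect against a swapped package.

    Returns (package_name, reason) tuples for entries with no integrity
    hash, a weak hash algorithm, or a resolved URL outside the trusted
    registry.
    """
    findings = []
    for path, entry in lock.get("packages", {}).items():
        if path == "":  # root project entry, not a dependency
            continue
        # "node_modules/@scope/pkg" and nested "node_modules/a/node_modules/b"
        # both reduce to the last path component after node_modules/.
        name = path.rsplit("node_modules/", 1)[-1]
        resolved = entry.get("resolved", "")
        integrity = entry.get("integrity", "")

        if not resolved:
            findings.append((name, "no resolved URL recorded"))
        elif not resolved.startswith(trusted_registry):
            findings.append((name, f"resolved outside trusted registry: {resolved}"))

        if not integrity:
            findings.append((name, "no integrity hash; a replaced tarball would install unchecked"))
        elif not integrity.startswith("sha512-"):
            findings.append((name, f"weak integrity algorithm: {integrity.split('-', 1)[0]}"))
    return findings


if __name__ == "__main__":
    for name, reason in audit_lockfile(SAMPLE_LOCK):
        print(f"{name}: {reason}")
```

Running it against a real project's package-lock.json (load the file with `json.load` instead of `SAMPLE_LOCK`) lists the dependencies whose installation would not fail closed if the registry served different bytes; the fix is to regenerate the lockfile with `npm install` against the trusted registry and commit it, so that CI installs with `npm ci` verify every tarball.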

@ratamacue whoo, this, combined with the attack scenario described in hackernoon.com/im-harvesting-c, is pretty freaky.

I have a sense we are going to deal with some security fuckery, and it is going to be hard to explain.

Mastodon @ SDF

This is the Federated Mastodon (GNU Social) instance hosted by the SDF Public Access UNIX System since 2010. Please see https://sdf.org for more details about our ORG .. you may wish to also make us your ${HOME}.
