OpenRiver Lemmy
  • Communities
  • Create Post
  • Create Community
  • heart
    Support Lemmy
  • search
    Search
  • Login
  • Sign Up
RSS Bot@lemmy.bestiver.seMB to Hacker News@lemmy.bestiver.seEnglish · 2 months ago

'No Way to Prevent This,' Says Only Package Manager Where This Regularly Happens

kevinpatel.xyz

external-link
message-square
5
link
fedilink
60
external-link

'No Way to Prevent This,' Says Only Package Manager Where This Regularly Happens

kevinpatel.xyz

RSS Bot@lemmy.bestiver.seMB to Hacker News@lemmy.bestiver.seEnglish · 2 months ago
message-square
5
link
fedilink
‘No Way To Prevent This,’ Says Only Package Manager Where This Regularly Happens
kevinpatel.xyz
external-link
SAN FRANCISCO, CA - In the wake of a devastating supply chain attack in the npm registry that left millions of enterprise applications compromised and billions of user records exposed, developers across the JavaScript ecosystem expressed deep sorrow today, lamenting that such a crisis was completely unavoidable. “It’s a shame, but what can you do? This is just the price of building modern web apps,” said Senior Frontend Engineer Mark Vance, echoing the sentiments of a community that completely relies on a 40-level-deep nested tree of unvetted packages maintained by pseudonymous strangers to capitalize a single string. “There’s absolutely no way to foresee or prevent someone from taking over a long-abandoned utility package and injecting a crypto-miner into every production build in the world. It’s just an act of nature.”

Comments

  • sudoMakeUser@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    5
    ·
    2 months ago

    Oooh nice

Hacker News@lemmy.bestiver.se

hackernews@lemmy.bestiver.se

Subscribe from Remote Instance

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !hackernews@lemmy.bestiver.se
lock
Community locked: only moderators can create posts. You can still comment on posts.

Posts from the RSS Feed of HackerNews.

The feed sometimes contains ads and posts that have been removed by the mod team at HN.

Source of the RSS Bot

Visibility: Public
globe

This community can be federated to other instances and be posted/commented in by their users.

  • 726 users / day
  • 1.82K users / week
  • 3.84K users / month
  • 7.79K users / 6 months
  • 1 local subscriber
  • 5.1K subscribers
  • 9.75K Posts
  • 7.58K Comments
  • Modlog
  • mods:
  • patrick@lemmy.bestiver.se
  • RSS Bot@lemmy.bestiver.se
  • BE: 0.19.15
  • Modlog
  • Instances
  • Docs
  • Code
  • join-lemmy.org