securitybreach
Posted

Well, this is a problem for most OSs and it's not just hackers; governments as well actively try to exploit applications nowadays. Also, you have to remember it's kind of rare when you hear about this happening with Linux and open source. This is literally a daily issue for other OSs. Is it any better? An attack is an attack, but I would rather it be a rare thing versus having to worry about a constant attack threat. It's a matter of opsec (operational security) on what you deem a security issue or threat. Something like this is a non-event for most users. That said, with open source these things are quickly fixed when found. Most open source code is audited, but smaller projects just do not get the amount of views as the more popular ones.

  • 2 weeks later...
Posted

Hello,

 

There have been other issues with other NPM packages, just like there have been issues with web browser extensions after they get sold by the original developer, etc. 

I think there are a lot of people who don't review the source code or just download the precompiled binaries for projects.  It's understandable that not everyone can (or is able to) review all source code before installing a package, though.

Regards,

Aryeh Goretsky


 

  • Like 1
Posted

Hello,

Case in point: 

 

 

Regards,

Aryeh Goretsky
 

  • Sad 1
Posted

Yikes, today? Well, at least nothing important is being hit.

 

Posted
On 8/3/2022 at 3:58 AM, goretsky said:

Hello,

Case in point: 

 

 

Regards,

Aryeh Goretsky
 

Whew! Turns out Stephen's original post left out a lot of context. Things not nearly so bad as indicated.

"35,000 code repos not hacked—but clones flood GitHub to serve malware"

  • Like 1
securitybreach
Posted

Wow, that is quite a few infected repos.
