btaf45@lemmy.world to Technology@lemmy.worldEnglish · 17 days agoHundreds of code libraries posted to NPM try to install malware on dev machinesarstechnica.comexternal-linkmessage-square35fedilinkarrow-up1250arrow-down12cross-posted to: [email protected][email protected][email protected]cybersecurity
arrow-up1248arrow-down1external-linkHundreds of code libraries posted to NPM try to install malware on dev machinesarstechnica.combtaf45@lemmy.world to Technology@lemmy.worldEnglish · 17 days agomessage-square35fedilinkcross-posted to: [email protected][email protected][email protected]cybersecurity
minus-squareLavenderDay3544@lemmy.worldlinkfedilinkEnglisharrow-up2·16 days agoI really think every package repository should be opt in and every publisher should be required to verify their identity and along with checksum verification for the downloaded files.
I really think every package repository should be opt in and every publisher should be required to verify their identity and along with checksum verification for the downloaded files.