Running wasn't the issue
Running the code wasn't the issue. Anybody installing the package would have been affected, and anybody not using a lock file would have automatically been upgraded to the infected package.
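The point about lock files, as an added example that is not part of the thread or of npm's own resolver: a minimal model of semver caret-range resolution, showing that a caret range alone resolves to the newest published release in range (so a freshly pushed compromised version is picked up on the next install), while a lock file keeps the previously resolved version. The package versions below are constructed placeholders, and the caret logic is simplified to the major-version-1-or-higher case.

```javascript
// Added illustration (hypothetical; not the thread's or npm's code).
// Versions are constructed placeholders; "1.4.2" stands in for a
// hypothetical compromised release published after the project last installed.

function parseVersion(v) {
  const [major, minor, patch] = v.split('.').map(Number);
  return { major, minor, patch };
}

// Ascending comparator: negative if a < b, positive if a > b.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  return pa.major - pb.major || pa.minor - pb.minor || pa.patch - pb.patch;
}

// Simplified caret semantics for major >= 1: same major, version >= base.
// (Real semver treats 0.x ranges more narrowly; that case is out of scope here.)
function satisfiesCaret(range, version) {
  if (!range.startsWith('^')) throw new Error('only caret ranges are modelled');
  const base = range.slice(1);
  return parseVersion(version).major === parseVersion(base).major &&
    compareVersions(version, base) >= 0;
}

// No lock file: resolve to the newest published version that satisfies the range.
function resolveFromRange(range, published) {
  const matching = published.filter(v => satisfiesCaret(range, v)).sort(compareVersions);
  return matching.length ? matching[matching.length - 1] : null;
}

// With a lock file: keep the locked version while it is still published and in range,
// so a newer release (benign or not) is not picked up until someone deliberately updates.
function resolveFromLock(range, lockedVersion, published) {
  if (published.includes(lockedVersion) && satisfiesCaret(range, lockedVersion)) {
    return lockedVersion;
  }
  return resolveFromRange(range, published);
}

// Constructed scenario: the project last installed 1.4.1; 1.4.2 appears later.
const PUBLISHED = ['1.4.0', '1.4.1', '1.4.2'];
const RANGE = '^1.4.0';
const LOCKED = '1.4.1';

console.log('without lock file:', resolveFromRange(RANGE, PUBLISHED)); // picks 1.4.2
console.log('with lock file   :', resolveFromLock(RANGE, LOCKED, PUBLISHED)); // stays on 1.4.1
```

The defensive takeaway the comment is making: commit the lock file and install from it (for npm, `npm ci` installs exactly what the lock file records), so that a newly published version within your ranges only enters the build when someone reviews and updates it.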
This is yet another example of the scumbags winning the battle. Everything has an entry point and sooner or later they’ll exploit it. I can’t see highly secure, let alone fully secure, software happening in many years, even decades. Way too much sloppiness or human error to stop it. Until there are laws and large fines and assurance certification for purveyors of software, it will just get worse.
Sites now need to fetch from 100s of bloody sites due to this type of shit.
At least it gives me a way of easily making a block list of sites not to visit.
Um, when your product and repo shows up in the news as a hacker victim more than once a year, maybe it's time to check the habits of your community.
As a gatekeeper, I'm supposed to decide which repos our devs have access to and which don't--and this one is beginning to worry me. And, having tinkered with this one myself, I don't want to have to shut it out completely, but... Oh, this is seriously giving me the willies.
No biggy, but....
... possibly initiating a chain reaction of cyber-crime.
I know what the intended meaning was - I think - but the phrase doesn't communicate it very well. Yeah, I know, everyone's a critic... I'm just picturing a tabloid hack looking for stories to lift (or background) seeing the expression and getting altogether the wrong idea.
Biting the hand that feeds IT © 1998–2021