back to article NPM is Now Providing Malware – or was until recently

Another malicious library has been spotted in the JavaScript-oriented NPM registry, underscoring the continued fragility of today's software supply chain. Like other software package registries – repositories of code libraries for specific tasks – NPM, which was acquired last year by Microsoft's GitHub, has proven to be an …

  1. Sitaram Chamarty

    there's supply chain attacks...

    and then there's NPM, which is in a whole class by itself in terms of problems.

    At least that's the impression my mind carries, from what I remember of various news items over the years. It's bad enough that I won't install any NPM or Node based software on my primary laptop.

  2. druck Silver badge
    Unhappy

    I feel sorry for...

    CPAN

    Perl just isn't getting the love from miscreants any more.

    1. Mike 16

      Re: I feel sorry for...

      Perhaps the miscreants are too busy fighting the version wars to get anything done?

    2. Michael Wojcik Silver badge

      Re: I feel sorry for...

      Writing malware in Perl is like starting fires on the Titanic: you're just making a big problem a little bit worse.

  3. Lil Endian Silver badge

    Reinventing the Wheel

    I prefer to write code from the ground up when possible, rather than using unknown/untrusted outsider code.

    Yes, it's often reinventing the wheel, but I know exactly what's going on. I could audit 3rd party code before use - but we all know what it's like picking apart other coders' work [1]. So the time spent auditing is put into home-grown coding.

    It also gets around any licensing issues.

    Granted, I'm lucky that I don't (usually) have time constraints.

    [1] I recall my CS lecturer telling us a story of his first job, auditing assembler code. He got to a tricky bit that he couldn't fathom, so looked across to the original coder's comment which read: I get lost here too!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like