Reply to post: Re: Just goes to show

Someone slipped a vuln into crypto-wallets via an NPM package. Then someone else siphoned off $13m in coins to protect it from thieves

Muppet Boss

Re: Just goes to show

>So you've checked every line of code in every application and all its dependencies? You've learnt how each and every bit of code interacts with every other bit of code in your entire production eco-system?

That's the point: NPM makes it fairly easy to introduce malicious code into _your_ codebase by hijacking some obscure package you are not even aware of. End-to-end code and security audit becomes very difficult too.
