Skip Navigation

Technology @lemmy.world btaf45 @lemmy.world 4mo ago

Hundreds of code libraries posted to NPM try to install malware on dev machines

arstechnica.com Hundreds of code libraries posted to NPM try to install malware on dev machines

These are not the the developer tools you think they are.

Hundreds of code libraries posted to NPM try to install malware on dev machines

Programming @programming.dev mox @lemmy.sdf.org 4mo ago

Hundreds of code libraries posted to NPM try to install malware on dev machines

arstechnica.com /security/2024/11/javascript-developers-targeted-by-hundreds-of-malicious-code-libraries/

Hundreds of code libraries posted to NPM try to install malware on dev machines

82 7

You're viewing a single thread.

33 comments

This should kill off NPM
- You’d be surprised to see how many common libraries have vulnerabilities every week.
  
  As well as how many common JS libraries, while not malicious have no business existing (ex. IsEven).
- Why stop there lets just kill js in its entirity.
  
  Not really a language-specific problem. Like, there are numerous languages that have distribution mechanisms for libraries that might potentially be malicious.
  
  Only way I can think that the language might be a factor would be if a language were designed to only run in a restricted mode.
  
  Not really a language-specific problem, but why should that stop us from this goal?
  
  Exactly
  
  You must be very smart.

33 comments