Bobinas P4G
Untitled attachment

Notices where this attachment appears

  1. Christine Lemmer-Webber (cwebber@octodon.social)'s status on Tuesday, 27-Nov-2018 21:39:53 UTC

    another npm package with wide deployment backdoored: https://news.ycombinator.com/item?id=18534392 https://blog.bitpay.com/npm-package-vulnerability-copay/

    There are two paths to mitigating this stuff, which both should be taken:
    - Focus on auditable and reproducible packages. Sadly, mostly impossible with NPM, which is one of the worst language package environments: https://dustycloud.org/blog/javascript-packaging-dystopia/
    - Introduce ocap security into the ecosystem. Probably won't happen but MarkM explained how: https://www.youtube.com/watch?v=9Snbss_tawI&list=PLKr-mvz8uvUgybLg53lgXSeLOp4BiwvB2&index=25&t=0s

    Friends don't let friends use npm.

    In conversation Tuesday, 27-Nov-2018 21:39:53 UTC from octodon.social

Bobinas P4G is a social network. It runs on GNU social, version 2.0.1-beta0, available under the GNU Affero General Public License.

All Bobinas P4G content and data are available under the Creative Commons Attribution 3.0 license.