this post was submitted on 28 Jun 2023
8 points (100.0% liked)

JavaScript

2455 readers
2 users here now

founded 2 years ago
MODERATORS
erlingur@programming.dev
Ategon@programming.dev
nick@programming.dev
8
NPM registry vulnerable to 'manifest confusion' abuse (www.theregister.com)
submitted 2 years ago by castarco@programming.dev to c/javascript@programming.dev
4 comments fedilink hide all child comments
top 2 comments
sorted by: hot top controversial new old
[–] agressivelyPassive@feddit.de 2 points 2 years ago (1 children)

Counter question: what part of npm is not vulnerable to attacks?

[–] castarco@programming.dev 1 points 2 years ago* (last edited 2 years ago)

your nickname (almost) fits the question xD.

On a more serious note, not all is doom and gloom in NPM, they have improved a lot during these past years.

load more comments
view more: next ›