Follow

The headline :chef-kiss:
theregister.com/2021/07/21/npm

(The vuln itself is an abuse of symlinking bin scripts in packages. The broader threat will continue until Microsoft starts scanning package data on upload.)

Sign in to participate in the conversation
Life raft.

Ceejbot's mastodon instance. This is an overprovisioned, personally-run instance running on AWS. I welcome friends to create accounts here. I intend to run it as long as people are using it.