(www.aikido.dev)

1369 points universesquid | 1 comments | 08 Sep 25 15:37 UTC | HN request time: 0.22s | source

https://github.com/advisories/GHSA-8mgj-vmr8-frr6

Show context

dist-epoch ◴[08 Sep 25 16:09 UTC] No.45170028[source]▶

Given that most of these kind of attacks are detected relatively quickly, NPM should implement a feature where it doesn't install/upgrade packages newer than 3 days, and just use the previous version.

replies(3): >>45170138 #>>45170232 #>>45170382 #

1. ◴[08 Sep 25 16:34 UTC] No.45170382[source]▶

>>45170028 #

↑

NPM debug and chalk packages compromised