←back to thread

NPM debug and chalk packages compromised

(www.aikido.dev)
1369 points universesquid | 5 comments | 08 Sep 25 15:37 UTC | HN request time: 0.728s | source
1. xrd ◴[08 Sep 25 18:56 UTC] No.45172307[source]
It wouldn't be a perfect solution, but I wonder why browsers don't indicate the registration date for a domain in the URL bar somehow? I bet junon would have seen that and gotten suspicious.
replies(3): >>45174142 #>>45174236 #>>45178330 #
2. gaudystead ◴[08 Sep 25 21:19 UTC] No.45174142[source]
I like this idea and could see it being visually represented as a faint red/green bar behind the URL text in the address bar, with a greater amount of the bar being red when the domain is less trusted.

As for developers trusting a plugin that reaches out to an external location to determine the reputation of every website they visit seems like a harder sell though.

3. webdev1234568 ◴[08 Sep 25 21:27 UTC] No.45174236[source]
that's a good one not perfect for sure, hackers would just start buying domains earlier but still...
replies(1): >>45175613 #
4. xrd ◴[08 Sep 25 23:45 UTC] No.45175613[source]
Yeah, but there is a takedown process when a spam site is detected (the server provider can shut off access, etc), so it is a game that is somewhat winnable.
5. AtNightWeCode ◴[09 Sep 25 06:43 UTC] No.45178330[source]
There are curated lists over newly registered domain names that some security software uses so it should be easy to add without any privacy issues.