←back to thread

NPM debug and chalk packages compromised

(www.aikido.dev)
1369 points universesquid | 1 comments | 08 Sep 25 15:37 UTC | HN request time: 0.204s | source
Show context
paxys ◴[08 Sep 25 21:22 UTC] No.45174186[source]
Yeah I know "everyone can be pwned" etc. but at this point if you are not using a password manager and still entering passwords on random websites whose domains don't match the official one then you have no business doing anything of value on the internet.
replies(6): >>45174727 #>>45175611 #>>45176385 #>>45177993 #>>45179019 #>>45179128 #
1. djkoolaide ◴[08 Sep 25 22:13 UTC] No.45174727[source]
Yeah, a password manager/autofill would have set off some alarms and likely prevented this, because the browser autofill would have detected a mismatch for the domain npmjs.help.