←back to thread

NPM debug and chalk packages compromised

(www.aikido.dev)
1369 points universesquid | 1 comments | 08 Sep 25 15:37 UTC | HN request time: 0s | source
Show context
paxys ◴[08 Sep 25 21:22 UTC] No.45174186[source]
Yeah I know "everyone can be pwned" etc. but at this point if you are not using a password manager and still entering passwords on random websites whose domains don't match the official one then you have no business doing anything of value on the internet.
replies(6): >>45174727 #>>45175611 #>>45176385 #>>45177993 #>>45179019 #>>45179128 #
1. const_cast ◴[08 Sep 25 23:45 UTC] No.45175611[source]
This is true, but I've also run into legitimate password fields on different domains. Multiple times. The absolute worst offender is mobile app vs browser.

Why does the mobile app use a completely different domain? Who designed this thing?