this post was submitted on 28 Jun 2023
8 points (100.0% liked)

JavaScript

2066 readers
2 users here now

founded 2 years ago
MODERATORS
erlingur
Ategon
nick
8
NPM registry vulnerable to 'manifest confusion' abuse (www.theregister.com)
submitted 2 years ago by castarco to c/javascript
2 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[โ€“] [email protected] 2 points 2 years ago (1 children)

Counter question: what part of npm is not vulnerable to attacks?

[โ€“] castarco 1 points 2 years ago* (last edited 2 years ago)

your nickname (almost) fits the question xD.

On a more serious note, not all is doom and gloom in NPM, they have improved a lot during these past years.