this post was submitted on 28 Jun 2023
8 points (100.0% liked)

JavaScript

1958 readers
2 users here now

founded 1 year ago
MODERATORS
erlingur
Ategon
nick
8
NPM registry vulnerable to 'manifest confusion' abuse (www.theregister.com)
submitted 1 year ago by castarco to c/javascript
2 comments fedilink hide all child comments
top 2 comments
sorted by: hot top controversial new old
[โ€“] [email protected] 2 points 1 year ago (1 children)

Counter question: what part of npm is not vulnerable to attacks?

[โ€“] castarco 1 points 1 year ago* (last edited 1 year ago)

your nickname (almost) fits the question xD.

On a more serious note, not all is doom and gloom in NPM, they have improved a lot during these past years.