mac@programming.dev to Programming@programming.dev · 7 months agoSSH keys stolen by stream of malicious PyPI and npm packageswww.bleepingcomputer.comexternal-linkmessage-square10fedilinkarrow-up1126arrow-down12
arrow-up1124arrow-down1external-linkSSH keys stolen by stream of malicious PyPI and npm packageswww.bleepingcomputer.commac@programming.dev to Programming@programming.dev · 7 months agomessage-square10fedilink
minus-squareplatypus_plumba@lemmy.worldlinkfedilinkarrow-up1·7 months agoIt’s honestly crazy that tools like npm don’t force you to encrypt the tokens for the npm repos. They don’t even support it. Any stupid read_file() with http.post() can screw 1000 people.
It’s honestly crazy that tools like npm don’t force you to encrypt the tokens for the npm repos. They don’t even support it. Any stupid read_file() with http.post() can screw 1000 people.