Roblox Game Devs Duped by Malicious npm Packages
(www.cyber-oracle.com)
At some point, npm supply chain attacks are going to stop being news and start being "Tuesday."... JS on the backend was a mistake.
JS was a mistake.
It wouldn't have been if it kept to the original purpose of some simple tasks and such, but we can't have nice things.
Typo squatting is not unique to JS.
True, but it's uniquely bad in the JS world. Developers tend to rely on libraries in almost cartoonish excess.