Hacker News
RUnconcerned 4 months ago | on: Shai-Hulud malware attack: Tinycolor and over 40 N...
What other language ecosystems have had this happen systematically? This isn't even the first time this month!
SkyPuncher 4 months ago
NPM is the most popular, so it happens the most frequently. All of the other ecosystems are just as susceptible.
Unix had a big scare last year because of XZ Utils.
https://en.wikipedia.org/wiki/XZ_Utils_backdoor
Sankozi 4 months ago
No, they are not as susceptible - auto-updating dependencies, post-install scripts and a culture of thousands of crappy micro packages (like left-pad) are mainly an NPM issue.
zachrip 4 months ago
Packages are not auto-updated if you have a package-lock. Agreed that post-install, left-pad, etc. have been overall problematic tho.
blueflow 4 months ago
Python/PyPI.
johnisgood 4 months ago
Rust.
mdavidn 4 months ago
RubyGems is susceptible too.
LPisGood 4 months ago
Go has this issue