style99,
@style99@kbin.social avatar

Examine dependencies and installation scripts. Very recently published, net-new packages, or scripts or dependencies that make network connections during installation should receive extra scrutiny.

I'm a little surprised npm doesn't already do this and give you a big blinking warning in the install process about it.

ultimate_question,

[DO NOT DEVELOP MY APP]

scroll_responsibly,
@scroll_responsibly@lemmy.sdf.org avatar

Would you like to develop an app?

entropicshart,
@entropicshart@lemmy.world avatar

There goes the argument of non technical users falling for scams. The tables have turned!

I do wonder if this would be negated by containered applications

DangerousDetlef,

The really scary thing is probably the malicious npm dependencies. If I think about the projects at work with and all the different packages and the hundreds of dependencies no one knows. And it’s probably even worse in really big companies like Microsoft or Facebook, they probably got thousands across their products. I hope for us all that they scan them very regularly.

bassomitron,

This is why my work will only use enterprise supported distros like RHEL. We don’t have the manpower to stay on top of every single package update to ensure they’re absolutely safe.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • random
  • uselessserver093
  • Food
  • aaaaaaacccccccce
  • [email protected]
  • test
  • CafeMeta
  • testmag
  • MUD
  • RhythmGameZone
  • RSS
  • dabs
  • Socialism
  • KbinCafe
  • TheResearchGuardian
  • oklahoma
  • feritale
  • SuperSentai
  • KamenRider
  • All magazines
    •