



Minimum age would have prevented it in this case.


I always advocate switching to pnpm where install scripts are disabled by default. It has plenty of security features to ward off most supply chain attacks.


I run my home services on an extremely low power PC. So I like bare bones.
On closer inspection, preventing post-install would have fixed it too: “The attack exploited a transitive dependency, plain-crypto-js@4.2.1, which executed a postinstall script to deploy the RAT.”
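
Added example, not part of any comment above and not pnpm's or npm's own code: a small JavaScript audit that applies the two gates discussed in this thread, a minimum release age and a block on install-time lifecycle scripts, to every resolved package, transitive ones included. The metadata shape, the publish dates, the script bodies and the names `left-lib` and `native-addon` are constructed assumptions; only `plain-crypto-js@4.2.1` and its use of a postinstall script come from the thread.

```javascript
// Added example: two install-time gates over resolved dependency metadata.
// All sample data below is constructed; dates and script bodies are placeholders.
const LIFECYCLE = ["preinstall", "install", "postinstall"];

// Flag packages published less than minAgeDays before `now`.
function tooYoung(pkg, now, minAgeDays) {
  const published = Date.parse(pkg.publishedAt);
  if (Number.isNaN(published)) return true; // unknown publish time: fail closed
  return (now - published) / 86_400_000 < minAgeDays;
}

// Return the install-time lifecycle scripts a package declares.
function installScripts(pkg) {
  return LIFECYCLE.filter((k) => typeof (pkg.scripts || {})[k] === "string");
}

// Evaluate every resolved package (direct or transitive) against both gates.
function auditInstall(resolved, { now, minAgeDays, allowScripts = [] }) {
  const findings = [];
  for (const pkg of resolved) {
    const id = `${pkg.name}@${pkg.version}`;
    const reasons = [];
    if (tooYoung(pkg, now, minAgeDays)) reasons.push("below-minimum-age");
    const scripts = installScripts(pkg);
    if (scripts.length && !allowScripts.includes(pkg.name))
      reasons.push(`install-script:${scripts.join(",")}`);
    if (reasons.length) findings.push({ id, reasons });
  }
  return findings;
}

const now = Date.parse("2025-01-10T00:00:00Z"); // constructed "install time"
const resolved = [ // constructed resolution result, hypothetical packages
  { name: "left-lib", version: "1.0.0", publishedAt: "2023-05-01T00:00:00Z",
    scripts: { test: "node t.js" } },
  { name: "native-addon", version: "2.3.0", publishedAt: "2024-02-01T00:00:00Z",
    scripts: { install: "node-gyp rebuild" } },
  { name: "plain-crypto-js", version: "4.2.1", publishedAt: "2025-01-09T20:00:00Z",
    scripts: { postinstall: "node setup.js" } },
];
const findings = auditInstall(resolved,
  { now, minAgeDays: 7, allowScripts: ["native-addon"] });
console.log(JSON.stringify(findings, null, 2));
```

With this constructed data the freshly published transitive package trips both gates independently, while the allowlisted native build is let through.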