Kryptovaluta-ticker:
sysadmin fra The Register

GitHub pulls pin on npm's auto-run scripts

6 hours ago
3 Visninger
0 Kommentarer
GitHub pulls pin on npm's auto-run scripts

GitHub will change npm's defaults so the install command no longer runs scripts automatically, disabling a feature commonly exploited by malicious packages such as the notorious Shai-Hulud worm. Maintainer Leo Balter said: "Install-time lifecycle scripts are the single largest code-execution surface in the npm ecosystem. Every npm install runs...

Læs hele artiklen hos kilden.

Læs original artikel
Var dette nyttigt?
Del:

Kommentarer (0)

Vennligst logg inn for å skrive en kommentar

Ingen kommentarer ennå. Bli den første til å kommentere!

Relaterede nyheder

Vercel escapes contempt rap after admitting it botched FBI warrant response
Vercel escapes contempt rap after admitting it botched FBI warrant response
5 hours ago
India Brings Its AI Pitch to VivaTech 2026
5 hours ago
Linux Lite 8.0 sheds Chrome, slims down, and finds its name fits better than ever
Linux Lite 8.0 sheds Chrome, slims down, and finds its name fits better than ever
6 hours ago
Who Runs the Ransomware Group ‘The Gentlemen?’
Who Runs the Ransomware Group ‘The Gentlemen?’
6 hours ago
Microsoft Reportedly Cuts Hundreds of Azure Jobs in China
6 hours ago

Gennemse efter kategori

blog crypto news privacy sysadmin technology