Crypto Ticker:
sysadmin from The Register

GitHub pulls pin on npm's auto-run scripts

6 hours ago
5 Views
0 Comments
GitHub pulls pin on npm's auto-run scripts

GitHub will change npm's defaults so the install command no longer runs scripts automatically, disabling a feature commonly exploited by malicious packages such as the notorious Shai-Hulud worm. Maintainer Leo Balter said: "Install-time lifecycle scripts are the single largest code-execution surface in the npm ecosystem. Every npm install runs...

Read the full article at the source.

Read Original Article
Was this helpful?
Share:

Comments (0)

Please login to post a comment

No comments yet. Be the first to comment!

Related News

Vercel escapes contempt rap after admitting it botched FBI warrant response
Vercel escapes contempt rap after admitting it botched FBI warrant response
5 hours ago
India Brings Its AI Pitch to VivaTech 2026
5 hours ago
Linux Lite 8.0 sheds Chrome, slims down, and finds its name fits better than ever
Linux Lite 8.0 sheds Chrome, slims down, and finds its name fits better than ever
6 hours ago
Who Runs the Ransomware Group ‘The Gentlemen?’
Who Runs the Ransomware Group ‘The Gentlemen?’
6 hours ago
Microsoft Reportedly Cuts Hundreds of Azure Jobs in China
6 hours ago

Browse by Category

blog crypto news privacy sysadmin technology