Kryptovalutaticker:
sysadmin från The Register

GitHub pulls pin on npm's auto-run scripts

6 hours ago
2 Visningar
0 Kommentarer
GitHub pulls pin on npm's auto-run scripts

GitHub will change npm's defaults so the install command no longer runs scripts automatically, disabling a feature commonly exploited by malicious packages such as the notorious Shai-Hulud worm. Maintainer Leo Balter said: "Install-time lifecycle scripts are the single largest code-execution surface in the npm ecosystem. Every npm install runs...

Läs hela artikeln hos källan.

Läs originalartikeln
Var detta hjälpsamt?
Dela:

Kommentarer (0)

Vänligen logga in för att publicera en kommentar

Inga kommentarer ännu. Bli först med att kommentera!

Relaterade nyheter

Vercel escapes contempt rap after admitting it botched FBI warrant response
Vercel escapes contempt rap after admitting it botched FBI warrant response
5 hours ago
India Brings Its AI Pitch to VivaTech 2026
5 hours ago
Linux Lite 8.0 sheds Chrome, slims down, and finds its name fits better than ever
Linux Lite 8.0 sheds Chrome, slims down, and finds its name fits better than ever
5 hours ago
Who Runs the Ransomware Group ‘The Gentlemen?’
Who Runs the Ransomware Group ‘The Gentlemen?’
6 hours ago
Microsoft Reportedly Cuts Hundreds of Azure Jobs in China
6 hours ago

Bläddra efter kategori

blog crypto news privacy sysadmin technology