Comment by RUnconcerned
2 months ago
What other language ecosystems have had this happen systematically? This isn't even the first time this month!
NPM is the most popular, so it happens the most frequently. All of the other ecosystems are just as susceptible.
Unix had a big scare last year because of XZ Utils.
https://en.wikipedia.org/wiki/XZ_Utils_backdoor
No, they are not as susceptible: auto-updating dependencies, post-install scripts, and a culture of thousands of crappy micro-packages (like left-pad) are mainly an NPM issue.
Packages are not auto-updated if you have a package-lock. Agreed that post-install, left-pad, etc. have been overall problematic, though.
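An added check (not code from the thread) that makes the two points above concrete on constructed sample files: which declared dependency ranges would drift without a lockfile, which locked packages npm flags as running install-time scripts (the lockfile's hasInstallScript field), and whether an .npmrc sets ignore-scripts and save-exact. The package names and versions are made up.

```python
import json
import re

# Constructed sample files (not from any real project).
PACKAGE_JSON = """{
  "name": "demo-app",
  "dependencies": {"left-pad": "^1.3.0", "some-cli": "~2.1.0", "pinned-lib": "1.0.0"}
}"""
PACKAGE_LOCK = """{
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "demo-app"},
    "node_modules/left-pad": {"version": "1.3.0"},
    "node_modules/some-cli": {"version": "2.1.4", "hasInstallScript": true},
    "node_modules/pinned-lib": {"version": "1.0.0"}
  }
}"""
NPMRC = "save-exact=true\n"

EXACT = re.compile(r"\d+\.\d+\.\d+")

def floating_ranges(manifest: str) -> dict:
    """Dependencies declared with a range (^, ~, *, ...) rather than an exact
    version; without a lockfile these resolve to the newest match on install."""
    deps = json.loads(manifest).get("dependencies", {})
    return {name: rng for name, rng in deps.items() if not EXACT.fullmatch(rng)}

def install_script_packages(lock: str) -> list:
    """Locked packages that npm flags as running lifecycle scripts at install
    time (lockfile v2/v3 records this as hasInstallScript)."""
    pkgs = json.loads(lock).get("packages", {})
    return sorted(path.rsplit("node_modules/", 1)[-1]
                  for path, meta in pkgs.items() if meta.get("hasInstallScript"))

def missing_hardening(npmrc: str) -> list:
    """Report which of the two .npmrc settings that blunt these issues is absent."""
    wanted = {"ignore-scripts=true": "install scripts still run",
              "save-exact=true": "new deps saved as ranges"}
    present = {line.strip() for line in npmrc.splitlines()}
    return [why for key, why in wanted.items() if key not in present]

def report() -> dict:
    return {"floating": floating_ranges(PACKAGE_JSON),
            "install_scripts": install_script_packages(PACKAGE_LOCK),
            "missing": missing_hardening(NPMRC)}

if __name__ == "__main__":
    print(json.dumps(report(), indent=2))
```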
Python/PyPi.
Rust.
RubyGems is susceptible too.
Go has this issue.