Comment by SkyPuncher
2 months ago
NPM is the most popular, so it happens the most frequently. All of the other ecosystems are just as susceptible.
Unix had a big scare last year because of XZ Utils.
2 months ago
NPM is the most popular, so it happens the most frequently. All of the other ecosystems are just as susceptible.
Unix had a big scare last year because of XZ Utils.
No they are not as susceptible - auto updating dependencies, post install scripts and culture of thousands of crappy micro packages (like left-pad) is mainly a NPM issue.
Packages are not auto updated if you have a package-lock. Agreed that post-install, left-pad, etc have been overall problematic tho.