Comment by maronato
21 days ago
Because other OSs do not and the notepad++ team wants all users to have a similar experience.
If you don’t need auto updates, just disable them.
More importantly, notepad++ being able to update itself is not the exploit here. Your OS’ package manager would download the same compromised binary as notepad++’s built in updater.
What OS doesn't have a package manager now? Windows, Linux, and MacOS all have their own systems.
On windows, the package manager downloads the release of notepad++ directly from github, so it would not have been compromised. The hijack was done on the notepad++ website at the webhost level as I understand it, and the built in updater pulled from there.