
Well, one thing is, there are package updates that could masquerade a backdoor much like XZ Utils[1].

The post in question points to dependency package managers, however, not system packages, such as NPM, which has pre- and post-build scripts, install scripts, etc.

[1] https://en.wikipedia.org/wiki/XZ_Utils_backdoor
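
As an added illustration of the install-script point in the comment above (not code from the commenter or from npm), this sketch flags dependencies whose `package.json` declares a `preinstall`, `install` or `postinstall` script, which npm runs during `npm install`. It assumes the manifests have already been parsed from the dependency tree; the package names, the `reviewed` allowlist and the helper names are hypothetical.

```javascript
// Added example: flag dependencies whose package.json declares scripts that
// npm runs automatically while installing the package.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Return [{hook, command}] for one parsed package.json object.
// Tolerates a missing or malformed "scripts" field and blank commands.
function installHooks(manifest) {
  const scripts =
    manifest && typeof manifest.scripts === "object" && manifest.scripts !== null
      ? manifest.scripts
      : {};
  return INSTALL_HOOKS
    .filter((hook) => typeof scripts[hook] === "string" && scripts[hook].trim() !== "")
    .map((hook) => ({ hook, command: scripts[hook] }));
}

// Audit a list of manifests. Entries whose "name@version" is in `reviewed`
// (an allowlist of versions a human has already inspected) are skipped, so a
// new version of an allowlisted package is reported again.
function auditManifests(manifests, reviewed = new Set()) {
  const findings = [];
  for (const m of manifests) {
    const id = `${m.name}@${m.version}`;
    const hooks = installHooks(m);
    if (hooks.length > 0 && !reviewed.has(id)) findings.push({ id, hooks });
  }
  return findings;
}

// Constructed sample manifests (hypothetical package names and commands).
const SAMPLE_MANIFESTS = [
  { name: "left-helper", version: "1.0.0", scripts: { test: "node test.js" } },
  { name: "native-thing", version: "2.3.1", scripts: { install: "node-gyp rebuild" } },
  { name: "color-utils", version: "4.0.2",
    scripts: { postinstall: "node ./scripts/setup.js", build: "tsc" } },
  { name: "no-scripts", version: "0.1.0" },
];

// Hypothetical allowlist: this exact version was reviewed by hand.
const REVIEWED = new Set(["native-thing@2.3.1"]);

for (const f of auditManifests(SAMPLE_MANIFESTS, REVIEWED)) {
  for (const h of f.hooks) console.log(`${f.id}: ${h.hook} -> ${h.command}`);
}
```

Installing with `npm install --ignore-scripts` keeps these hooks from executing while the flagged packages are reviewed.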


