[kwlug-disc] NPM supply chain worm
Ron
ron at bclug.ca
Wed Sep 17 19:54:22 EDT 2025
Khalid Baheyeldin wrote on 2025-09-17 14:28:
> I have always thought that NPM's governance makes
> NPM packages a very insecure platform to build stuff on.
That could be a governance issue, but "watering hole" attacks aren't
exclusive to NPM and anything that gets popular enough is susceptible.
If Perl were still popular, CPAN would probably be a target. PyPI has
been targeted too.