...“This is, once again, a persistent reminder that supply chain attacks are alive and well.”
For NPM, github, etc, we're long past being able to just trust anything online, whether it's malign or just disinformation.
I remember the first time I looked at server logs and nearly soiled myself with all the port scanning, and login hacks. Now, I'm all "meh - scriptkiddies..."
...“This is, once again, a persistent reminder that supply chain attacks are alive and well.”
For NPM, github, etc, we're long past being able to just trust anything online, whether it's malign or just disinformation.
I remember the first time I looked at server logs and nearly soiled myself with all the port scanning, and login hacks. Now, I'm all "meh - scriptkiddies..."
I guess curation has to replace blind trust.