by bjpbakker 2767 days ago
You can still get patch emails with Git repositories. In fact, you can easily create them from your own copy of the repo.

This hack has nothing to do with the SCM but everything with the carelessness of npm.

1 comments

I must be misunderstanding the attack: didn't it involve checking in malicious code to a repo used to build a package published in npm?

Or are you suggesting that all code in GitHub should be considered untrusted, but somehow able to be verified by npm?