Y
Hacker News
new
|
ask
|
show
|
jobs
by
RUnconcerned
269 days ago
What other language ecosystems have had this happen systematically? This isn't even the first time this month!
5 comments
SkyPuncher
268 days ago
NPM is the most popular, so it happens the most frequently. All of the other ecosystems are just as susceptible.
Unix had a big scare last year because of XZ Utils.
https://en.wikipedia.org/wiki/XZ_Utils_backdoor
link
Sankozi
268 days ago
No they are not as susceptible - auto updating dependencies, post install scripts and culture of thousands of crappy micro packages (like left-pad) is mainly a NPM issue.
link
zachrip
268 days ago
Packages are not auto updated if you have a package-lock. Agreed that post-install, left-pad, etc have been overall problematic tho.
link
blueflow
269 days ago
Python/PyPi.
link
johnisgood
268 days ago
Rust.
link
mdavidn
268 days ago
RubyGems is susceptible too.
link
LPisGood
268 days ago
Go has this issue
link
Unix had a big scare last year because of XZ Utils.
https://en.wikipedia.org/wiki/XZ_Utils_backdoor