by
eranation
32 days ago
These get detected almost immediately, and removed by npm within hours (axios, tanstack at least)
1 comments
Hackbraten
32 days ago
But who will detect them on day one once everyone ignores them for seven days?
bakkoting
32 days ago
These things are usually caught by tools specifically scanning npm or by the maintainers noticing their account is compromised, not by people auditing their own installed packages.
eranation
31 days ago
There are some companies that specialize in detecting those; they do it for free (and get lots of marketing for it…).
aoeusnth1
32 days ago
AI agents