by jauntywundrkind
12 days ago
They didn't back up their meme with real commentary because they have no real commentary to stand on: They're spreading cheap disdain & scorn for npm ("only package manager" framing). But most other package management systems have similar abilities to run pretty un-sandboxed code. TrapDoor has hit Python, Rust, and JS repos. https://socket.dev/blog/trapdoor-crypto-stealer-npm-pypi-cra...