headless horsefacts
@horsefacts.eth
summary of today's NPM compromise, vulnerable package versions, and action items for devs here, from @andrewmohawk at Privy. if your app uses NPM (includes mini apps), please check your dependencies. https://x.com/AndrewMohawk/status/1965116722375209305 https://x.com/AndrewMohawk/status/1965117607750881561
11 replies
20 recasts
78 reactions

Bethany - countessellis.eth🎩
@ellis
Supply chain has always been my biggest (well, second biggest after the install bloat) concern about NPM. Intentionally or from a hack, it’s so easy for malicious impact from packages. This is far from the first time.
0 reply
0 recast
0 reaction