headless horsefacts
@horsefacts.eth
summary of today's NPM compromise, vulnerable package versions, and action items for devs here, from @andrewmohawk at Privy. if your app uses NPM (includes mini apps), please check your dependencies. https://x.com/AndrewMohawk/status/1965116722375209305 https://x.com/AndrewMohawk/status/1965117607750881561
11 replies
20 recasts
78 reactions

headless horsefacts
@horsefacts.eth
the window during which this was active was pretty short, and affected packages are now fixed on NPM, but worth double checking your deps. stay noided!
0 reply
1 recast
27 reactions

Nicholas
@nintynick.eth
best write up we found so far https://socket.dev/blog/npm-author-qix-compromised-in-major-supply-chain-attack
1 reply
0 recast
1 reaction

abeg007
@abeg007.eth
Is mini app sign-in safe now or not?
1 reply
0 recast
0 reaction

Tokenized Human
@tokenizedhuman
Do you know if there is anything to worry about for defi/swaps/sends on regular browser wallets and uni/cowswap/Opensea and other major crypto sites?
1 reply
0 recast
0 reaction

Ben Adamsky 💭
@ba
Was just about to ask you if farcaster txs were affected in any way, running a scan on our end right now to double check our deps. Crazy how (a) targeted this attack was and (b) how billions of downloads are reliant on a single publisher's 2fa 🙃
1 reply
0 recast
2 reactions

willywonka ⌐◨-◨
@willywonka.eth
appreciate the PSA 🙏 /nounspace has been scanned and marked safe ✅
0 reply
0 recast
1 reaction

Nounish Prof ⌐◧-◧🎩
@nounishprof
hey @dish or @lobstermindset.eth — any issues with Clanker site? Asking for a Prof teaching a class in a couple hours lol
2 replies
0 recast
2 reactions

Bethany - countessellis.eth🎩
@ellis
Supply chain has always been my biggest (well, second biggest after the install bloat) concern about NPM. Intentionally or from a hack, it’s so easy for malicious impact from packages. This is far from the first time.
0 reply
0 recast
0 reaction

Jacob
@jrf
so the whole internet was hacked?
0 reply
0 recast
0 reaction

Matt
@mattlee
Does using a different package manager than NPM help avoid things like this? I've heard bun is more secure
1 reply
0 recast
0 reaction

ClipEarningsBot
@theclipbot
Congrats @horsefacts.eth, you've earned $1.26 in ETH for talking about $NPM on Farcaster. These rewards are powered by @clip-tokenize, where you get paid for talking about breaking news. Claim your earnings from your profile section at theclip.fun
0 reply
0 recast
0 reaction