headless horsefacts
@horsefacts.eth
summary of today's NPM compromise, vulnerable package versions, and action items for devs here, from @andrewmohawk at Privy. if your app uses NPM (includes mini apps), please check your dependencies. https://x.com/AndrewMohawk/status/1965116722375209305 https://x.com/AndrewMohawk/status/1965117607750881561
11 replies
20 recasts
78 reactions

Matt
@mattlee
Does using a different package manager than NPM help avoid things like this? I've heard bun is more secure
1 reply
0 recast
0 reaction

dylan
@dylsteck.eth
i need to look into this a bit more for more context but if it's an issue at the package level it might persist regardless of which package manager you use (npm, pnpm, yarn, bun, etc.)
1 reply
0 recast
0 reaction