• 0 Posts
  • 33 Comments
Joined 2 months ago
Cake day: February 3rd, 2026
  • angelmountain@lemy.nltoNo Stupid Questions@lemmy.worldWhy does it seem like teenagers killing people is way more commonplace in the UK now?Nederlands
    12·
    18 days ago

    Newspapers/websites just want to make money and people tend to read articles that frighten them and/or make them angry. Be careful with what you read/watch and verify with actual statistics.

    I put myself on a news-diet a few months back and it massively improved my life. Instead of worrying about the world burning and feeling unable to do anything about it, I have much more energy to actually do things I like and/or find important and am also much more able to invest in deep relationships with friends. I cannot recommend it enough.

    Important news will get to you anyway, there is no need to check news outlets every 5 minutes.

  • angelmountain@lemy.nltoCybersecurity@sh.itjust.worksSelf-spreading npm malware targets developers in new supply chain attack - Help Net SecurityEnglish
    5·
    27 days ago

    This article talks about “typosquating”, that just means they introduced packages with a similar name to other packages but in this case also containing malicious code.

    I expect other package managers to be just as vulnerable to this. The only way I can think of to mitigate this is very strict registry policies, someone checking all version of all packages in the registry to make sure there is no malicious code in them. That would take a lot of effort.

    I think the biggest problem with npm is just that it is very popular, so for attackers the chance of hitting something with their attack is bigger than with other systems.

    I don’t believe yarn is any more secure than npm, especially not for this type of attack. Yarn used to be a bit more secure because it checked checksums where npm didn’t, but that has been added to npm as well now (https://sebhastian.com/npm-err-code-eintegrity/)