Open source package with 1 million monthly downloads stole user credentials


taxythingy

Ars Praetorian
586
Subscriptor
It’s “a major problem for open source projects with open repos,” he said. “It’s really hard to not accidentally create dangerous workflows that can be exploited by an attacker’s pull request.”

He said this package can be used to check for such vulnerabilities.
Cool, so the answer to some security issues with packages is to install a package?
 
Upvote
-10 (3 / -13)