Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account (thehackernews.com)

spez@sh.itjust.works to Programming@programming.dev · English · 9 days ago · cross-posted to: javascript@programming.dev

TechnoCat@piefed.social · English · 8 days ago

I always advocate switching to pnpm where install scripts are disabled by default. It has plenty of security features to ward off most supply chain attacks.

https://pnpm.io/settings#onlybuiltdependencies
https://pnpm.io/settings#minimumreleaseage
https://pnpm.io/blog/2025/12/29/pnpm-in-2025#security-by-default
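
The two controls linked in the comment above, modelled as a CI-side check (an added example, not part of the thread and not pnpm's own code): it applies an `onlyBuiltDependencies` allow-list and a `minimumReleaseAge` threshold in minutes to package metadata. The function name, record shape and sample packages are assumptions constructed for illustration.

```javascript
// Added example: a model of two pnpm policies, not pnpm's implementation.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// policy uses the two pnpm setting names from the links above;
// minimumReleaseAge is expressed in minutes, as in pnpm.
function auditPackages(packages, policy, now = Date.now()) {
  const allowBuild = new Set(policy.onlyBuiltDependencies || []);
  const minAgeMs = (policy.minimumReleaseAge || 0) * 60 * 1000;
  const findings = [];
  for (const pkg of packages) {
    const reasons = [];
    // Lifecycle hooks that run code at install time.
    const hooks = INSTALL_HOOKS.filter((h) => pkg.scripts && pkg.scripts[h]);
    if (hooks.length > 0 && !allowBuild.has(pkg.name)) {
      reasons.push(`install hooks not allow-listed: ${hooks.join(", ")}`);
    }
    // Fail closed when the publish time cannot be established.
    const published = Date.parse(pkg.published);
    if (Number.isNaN(published)) {
      reasons.push("publish time missing or unparsable");
    } else if (now - published < minAgeMs) {
      const ageMin = Math.floor((now - published) / 60000);
      reasons.push(`published ${ageMin} min ago, below minimumReleaseAge`);
    }
    if (reasons.length > 0) {
      findings.push({ id: `${pkg.name}@${pkg.version}`, reasons });
    }
  }
  return findings;
}

// Constructed sample data: package names, versions and times are made up.
const NOW = Date.parse("2025-01-10T12:00:00Z");
const SAMPLE = [
  { name: "http-lib", version: "9.9.9", published: "2025-01-10T11:00:00Z", scripts: { postinstall: "node setup.js" } },
  { name: "native-addon", version: "2.1.0", published: "2024-06-01T00:00:00Z", scripts: { install: "node-gyp rebuild" } },
  { name: "plain-util", version: "1.0.0", published: "2023-03-01T00:00:00Z", scripts: { test: "node test.js" } },
  { name: "no-date", version: "0.1.0", published: null, scripts: {} },
];
const POLICY = { onlyBuiltDependencies: ["native-addon"], minimumReleaseAge: 1440 };

for (const f of auditPackages(SAMPLE, POLICY, NOW)) {
  console.log(f.id, "->", f.reasons.join("; "));
}
```
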