What happens when packages go bad?
Recently, event-stream was the target of a big hack in the Node ecosystem. What should we do when that happens?
What steps should we take when a package our code depends on gets hacked?
It's also worth checking out Securing Your Site like It’s 1999.
More like this (3)
How npm Lockfiles Can Be a Security Blindspot for Injecting Malicious Modules — “Let me show you how easy it is to introduce back doors that are easily missed by project owners… leaving your code insecure.” This is a subtle issue, but we’ve seen how such issues can turn into big problems down the line recently.