Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account (thehackernews.com)
spez@sh.itjust.works to Programming@programming.dev · English · 2 months ago

TechnoCat@piefed.social · English · 2 months ago

I always advocate switching to pnpm where install scripts are disabled by default. It has plenty of security features to ward off most supply chain attacks.

https://pnpm.io/settings#onlybuiltdependencies
https://pnpm.io/settings#minimumreleaseage
https://pnpm.io/blog/2025/12/29/pnpm-in-2025#security-by-default