• 3 hours

    I’m beginning to think this “NPM” thing isn’t a great idea.

    • 2 hours

      I’m not familiar with npm but why is this always NPM? Is it a specific issue they have?

      • It’s a “package manager” that has zero integrity checks built in. Web devs also love it. Nice combination.

    • 2 hours

      I don’t really see how it’s NPM at fault here. This was caused by a malicious actor taking control of an account and putting out bad packages on it. It could happen on any package repository for any language.

  • 2 hours

    One day, back in 1995, I could download every Red Hat package onto a series of 13 floppies.

    In fact, it was required if you wanted to install Red Hat. So was compiling them all onto your own computer.

    How far we’ve come.