the-massive-hole-in-the-npm-ecosystem)

Ed Summers@social.coop to General@digipres.cafe · 1 year ago

@general https://blog.vlt.sh/blog/the-massive-hole-in-the-npm-ecosystem

An interesting (and potentially massive) security flaw in the JavaScript ecosystem that concerns file manifest metadata, and the APIs that use them.

It is also discussed by the author in this podcast interview: https://changelog.com/jsparty/282

You must log in or register to comment.

Chat

General@digipres.cafe

general@digipres.cafe

Create a post

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]

A place to get started with links and discussions.

Anyone can create a community such as this!

Consider starting a community for more specialized topics that you feel people may wish to subscribe to, e.g. job listings, or caegories for specific technology or disciplines, such as web archiving.

You can message @[email protected] from another Fedverse (ActivityPub) instance e.g. Mastodon to start a discussion here if you haven’t a digipres.cafe account.

Likewise folks can subscribe via a Fediverse instance, e.g. by searching for https://digipres.cafe/c/general e.g. in the mastodon search box. This works the same way for all communities and users on this link aggregator.

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

1 user / day
1 user / week
1 user / month
6 users / 6 months
1 local subscriber
89 subscribers
37 Posts
10 Comments
Modlog

mods:
admin@digipres.cafe