NPM Package With 56K Downloads Caught Stealing WhatsApp Messages
www.koi.ai
Posted by King@sh.itjust.works to Technology@lemmy.world · English · 2 days ago · 21 comments

magic_lobster_party@fedia.io · 1 day ago

> it’s the kind of dependency developers install without a second thought

I got a feeling this is an attack vector that will continue to grow, as now there’s vibe coding frameworks installing random dependencies without a thought at all.

corsicanguppy@lemmy.ca · English · 1 day ago

There’s two things at play, here:

- installing dependencies without checking
- a framework that will allow this

Both are absolutely the fault of the user.