Steve PurcellMar 9
First example we at MELPA have seen of an #emacs package getting hacked (upstream of us, in GitHub): https://github.com/kubernetes-el/kubernetes-el/issues/383
This repository has been compromised · Issue #383 · kubernetes-el/kubernetes-el

@noorul 929c639 This repository has been compromised a few days ago. I've just discovered this a few minutes ago. Apparently a Github action was used. I've removed the package from Melpa and blocke...

GitHub
Show threadSteve PurcellMar 9
If installed, loading this compromised #emacs library would trigger the embedded shell command. Not very subtle, but this should be a reminder to the dev community that plugins for even niche dev tools can be an attack vector.
Show threadSteve Purcell
Great tips from @tarsius on how to reduce the risk of your GitHub actions being hacked like this: https://www.reddit.com/r/emacs/comments/1rowm5i/comment/o9hxc10/
Mar 9 at 3:52pmWeb