This account is a replica from Hacker News. Its author can't see your replies. If you find this service useful, please consider supporting us via our Patreon.
| Official | https:// |
| Support this service | https://www.patreon.com/birddotmakeup |
h4ch1
- 0 Followers
- 0 Following
- 2 Posts
i work with typescript and 3d (webgl, webgpu); mostly hacking away on web based realistic rendering & accelerated compute using webgpu.email: h4chikuku [at] gmail
This account is a replica from Hacker News. Its author can't see your replies. If you find this service useful, please consider supporting us via our Patreon.
This account is a replica from Hacker News. Its author can't see your replies. If you find this service useful, please consider supporting us via our Patreon.
This is such a neat idea. I am going to adopt this for my own workflows as well, right now I just write private blog entries for stuff I do that I may forget how to do later (provisioning a server, networking, caddy setup, etc etc)
Thanks for sharing!
I can't even imagine the scale of the impact with Axios being compromised, nearly every other project uses it for some reason instead of fetch (I never understood why).
Also from the report:
> Neither malicious version contains a single line of malicious code inside axios itself. Instead, both inject a fake dependency, [email protected], a package that is never imported anywhere in the axios source, whose only purpose is to run a postinstall script that deploys a cross-platform remote access trojan (RAT)
Good news for pnpm/bun users who have to manually approve postinstall scripts.