GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE

  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Conversation

Notices

  1. Embed this notice
    Lance R. Vick (lrvick@mastodon.social)'s status on Monday, 15-Jan-2024 09:32:51 JST Lance R. Vick Lance R. Vick
    in reply to

    I just noticed "foreach" on npm is controlled by a single maintainer.

    I also noticed they let their personal email domain expire, so I bought it before someone else did.

    I now control "foreach" on NPM, and the 36826 projects that depend on it.

    In conversation about 10 months ago from mastodon.social permalink
    • Embed this notice
      Lance R. Vick (lrvick@mastodon.social)'s status on Monday, 15-Jan-2024 09:32:52 JST Lance R. Vick Lance R. Vick

      1. Buy expired NPM maintainer email domains.
      2. Re-create maintainer emails
      3. Take over packages
      4. Submit legitimate security patches that include package.json version bumps to malicious dependency you pushed
      5. Enjoy world domination.

      In conversation about 10 months ago permalink
      Doughnut Lollipop 【記録係】:blobfoxgooglymlem: repeated this.

Feeds

  • Activity Streams
  • RSS 2.0
  • Atom
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.