GNU social JP
    Lance R. Vick (lrvick@mastodon.social)'s status on Monday, 15-Jan-2024 09:32:51 JST

    I just noticed "foreach" on npm is controlled by a single maintainer.

    I also noticed they let their personal email domain expire, so I bought it before someone else did.

    I now control "foreach" on NPM, and the 36826 projects that depend on it.

      Lance R. Vick (lrvick@mastodon.social)'s status on Monday, 15-Jan-2024 09:32:52 JST

      1. Buy expired NPM maintainer email domains.
      2. Re-create maintainer emails
      3. Take over packages
      4. Submit legitimate security patches that include package.json version bumps to malicious dependency you pushed
      5. Enjoy world domination.
