Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://tldr.nettime.org/users/tante/statuses/113429643601363348">tante (tante@tldr.nettime.org)'s status on Tuesday, 05-Nov-2024 18:36:53 JST</a><a href="https://tldr.nettime.org/@tante" title="tante@tldr.nettime.org"><img src="https://gnusocial.jp/avatar/84398-48-20240318191946.webp" width="48" height="48" alt="tante" style="position: absolute; left: 0; top: 0;">tante</a></section><article><p>It's cute that this software supply chain attack on NPM directly targets Ethereum users who are supposed to check every smart contract they want to interact with to protect themselves but don't seem to use the same rigour when checking code they include.</p><p>(Original title: Hundreds of code libraries posted to NPM try to install malware on dev machines) </p><p> <a href="https://arstechnica.com/security/2024/11/javascript-developers-targeted-by-hundreds-of-malicious-code-libraries/" rel="nofollow noreferrer">https://arstechnica.com/security/2024/11/javascript-developers-targeted-by-hundreds-of-malicious-code-libraries/</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3939835#notice-7697245">In conversation</a><time datetime="2024-11-05T18:36:53+09:00" title="Tuesday, 05-Nov-2024 18:36:53 JST">about 17 days ago</time> <span>from <span><a href="https://tldr.nettime.org/@tante/113429643601363348" rel="external" title="Sent from tldr.nettime.org via ActivityPub">tldr.nettime.org</a></span></span><a href="https://tldr.nettime.org/@tante/113429643601363348">permalink</a><h4>Attachments</h4><ol><li><article><header><div>Domain not in remote thumbnail source whitelist: cdn.arstechnica.net</div><h5><a href="https://arstechnica.com/security/2024/11/javascript-developers-targeted-by-hundreds-of-malicious-code-libraries/">Hundreds of code libraries posted to NPM try to install malware on dev machines</a></h5><div></div></header><div>These are not the the developer tools you think they are.</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
tante (tante@tldr.nettime.org)'s status on Tuesday, 05-Nov-2024 18:36:53 JST tante
It's cute that this software supply chain attack on NPM directly targets Ethereum users who are supposed to check every smart contract they want to interact with to protect themselves but don't seem to use the same rigour when checking code they include.
(Original title: Hundreds of code libraries posted to NPM try to install malware on dev machines)
https://arstechnica.com/security/2024/11/javascript-developers-targeted-by-hundreds-of-malicious-code-libraries/
In conversationabout 17 days ago from tldr.nettime.orgpermalink
Attachments
1. Domain not in remote thumbnail source whitelist: cdn.arstechnica.net
  Hundreds of code libraries posted to NPM try to install malware on dev machines
  These are not the the developer tools you think they are.

Public

Embed Notice

HTML Code

Corresponding Notice