this post was submitted on 24 Nov 2025
73 points (96.2% liked)

Technology (lemmy.world community)
top 14 comments
[–] SnoringEarthworm@sh.itjust.works 45 points 2 days ago* (last edited 2 days ago) (1 children)

"No Way To Prevent This" Says Only Package Manager Where This Regularly Happens*

*This is a joke about gun violence.

[–] InternetCitizen2@lemmy.world 14 points 2 days ago (2 children)

Real question: is it really isolated to npm, or are there a few lessons others could take and discover their own vulnerabilities?

[–] frongt@lemmy.zip 11 points 2 days ago (1 children)

It happens in python pip too.

[–] Eldritch@piefed.world 5 points 2 days ago (1 children)

Arch checking in. It may happen less. But it still does.

[–] orclev@lemmy.world 8 points 2 days ago (1 children)

To be fair to Arch, the AUR was always advertised as a caveat emptor type thing. It never really claimed to be secure in the first place.

[–] Eldritch@piefed.world 2 points 2 days ago

That is fair.

[–] nyan@lemmy.cafe 7 points 2 days ago

Python and Ruby have both had various repo issues too.

I've never heard of anything similar with Perl, but that may partly be because applications for new developers who want to join CPAN still appear to be processed by humans, with up to a couple of weeks lag. The time inefficiency plus the language being less popular probably makes it an unattractive target.

[–] _cryptagion@anarchist.nexus 19 points 2 days ago (1 children)

“Bless the Maker and His water.
Bless the coming and going of Him.
May His passage cleanse the world.
May He keep the world for His people.”

[–] camdog2000@ttrpg.network 3 points 2 days ago

I avoid NPM like the plague.

I feel like I'm better off for it.

[–] fubarx@lemmy.world 2 points 2 days ago* (last edited 2 days ago)

That is pretty evil.

Without signing attestation (both developer and code) there will be no way to find out who was responsible and stop the propagation. This will happen again.

Edit: there have been attempts like https://docs.npmjs.com/trusted-publishers, but that hasn't fixed the problem.

[–] NOT_RICK@lemmy.world 4 points 2 days ago (1 children)

Thought this was a reference to the hardcore band for a second… seeing them next month for the first time. I’m pumped! Sucks the malware is back

[–] Schmuppes@lemmy.today 6 points 2 days ago (1 children)

It's surely a reference to the Dune novels.