
Or package signing would help. Something NPM has continuously refused to implement because they believe it is difficult…


Maybe I misunderstand what package signing is, but the actual owner of the code published the BS. He owns the keys to signing the packages as well.


How would that help if these changes were pushed directly by the original creator himself? Not only from his account but himself as a person.



