Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer (thehackernews.com)
from sanitation@lemmy.today to golang@programming.dev on 30 Jun 22:55
https://lemmy.today/post/55737636

#golang

threaded - newest

LodeMike@lemmy.today on 01 Jul 17:21 collapse

“Installing software installs software”-ass vulnerability. At least Go protects you by including checksums and hard versions of imported packages. NPM doesn’t.