Once again, it is in the NPM ecosystem. OneCLI [0] does not save you either. Happens less with languages that have better standard libraries such as Go.
If you see any package that has hundreds of libraries, that increases the risk of a supply chain attack.
A password manager does not need a CLI tool.
I guess anyone/anything using a non-graphical interface should just not use a password manager for some reason?
Not to mention that a graphical application is just as vulnerable to supply chain attacks.
It seems like we need better standard libraries, but standard libraries turn into tarpits. I sort of like the way Python's stdlib works.
> A password manager does not need a CLI tool.
Why not? Even the macOS keychain supports a CLI.
Yeah, I'm going to have to agree with this.
> A password manager does not need a CLI tool.
That's a wild statement. The CLI is just another UI.
The problem in this case is JS and the NPM ecosystem. Go would be an improvement, but complexity is the enemy of security. Something like (pass)age is my preference for storing sensitive data.
> A password manager does not need a CLI tool.
A password manager absolutely does need a CLI tool??