logoalt Hacker News

Malicious npm packages detected across Red Hat Cloud Services

650 pointsby kurmiashishtoday at 1:30 PM347 commentsview on HN

Comments

hsibenMohamedtoday at 2:33 PM

Salam

MadrasTh0rntoday at 2:32 PM

Fucking Microsoft

0x38Btoday at 2:19 PM

[dead]

niros_valtostoday at 3:17 PM

[flagged]

hirratoday at 2:57 PM

[flagged]

throwaway613746today at 3:09 PM

[dead]

calvinmorrisontoday at 4:05 PM

[dead]

throwaway613746today at 3:06 PM

[dead]

victorrphamtoday at 1:34 PM

[dead]

_pdp_today at 3:17 PM

Why blame on NPM? Would you blame GitLab if an opensource maintainer was hacked and as a result the repo contains malicious changes?

All of these recent incidents is just developers doing stupid things ... like using their compromised devices for making production changes, which is basically a big red flag to begin with.

In fact, the entire situation has been exacerbated by coding agents because now practically everything happens on a single device that touches hundreds of different production systems with full production credentials.

show 2 replies