• rockrelishpiealamode@lemmy.ml
    link
    fedilink
    arrow-up
    8
    ·
    1 year ago

    especially if you’re a developer. There are a lot of shenanigans going on with malware npm packages that prey on easy typos. I imagine it’s the same with other library installers for other languages too

    • AlexWIWA@lemmy.ml
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      Funny you bring this up because it’s exactly what I was thinking of. A million small packages and dependencies and who knows if the repos got hijacked