Hackers can bypass #npm’s #ShaiHulud defenses via #Git dependencies
RE: https://mastodon.thenewoil.org/@thenewoil/115965296916113082
At this point, would it be entirely wrong to treat #npm like #rsh?
"It's on board for legacy reasons, but inherently insecure and should never be used in productive environments."
#ShaiHulud #PackageGate
