oever
18d ago
That means going back to disabling Javascript or only allowing widely used, well-maintained Javascript libraries.
mschuster91
18d ago
> or only allowing widely used, well-maintained Javascript libraries.
That isn't a guarantee either; just last month someone compromised the Axios library.
skydhash
18d ago
They stole axios's npm keys and uploaded malicious artifacts. They did not take over axios's repo. The issue is with packaging and distribution, not with code.
pocksuppet
18d ago
What's the meaningful distinction between those two things? You imported axios, you got pwned. Same result either way.