Codecov bash uploader was compromised

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com
PHP Installation Codecov data-lake-store Gulp Homebrew

WorkOS
Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • codecov-action

    GitHub Action that uploads coverage to Codecov :open_umbrella:

    • do they mean that the Docker image at https://github.com/codecov/codecov-action contained a secret allowing someone to modify the script served by https://codecov.io/bash ?

  • dev-tasks

    Automated development tasks for my own projects

    • This looks to be that version: https://github.com/ehmicky/dev-tasks/blob/1f6cd2a9c7bc2146b7...

    Though this was uploaded before April 1, and it doesn't appear to have any malicious code.

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

    WorkOS logo

  • geospatial-data-lake

    Discontinued Central storage, management and access for important geospatial datasets

  • HomeBrew

    🍺 The missing package manager for macOS (or Linux)

    • "bash <(curl" is the new cool. Mind-boggling number of projects pull this sh*, look at https://brew.sh/ for instance.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts