Researcher hacks over 35 tech firms by creating public NPM packages

• event-stream

  5 2,157 0.0 JavaScript

  Discontinued EventStream is like functional programming meets IO

foo-bar version 1.0 depends on bada-boom 1.0 which depends on bada-bing 1.0. Now you update to foo-bar 1.1 because of some critical update, which in itself now depends on bada-boom 2.0 and bada-bing 2.0. But unbeknownst to you and the author of foo-bar, the bada-boom and bada-bing project was taken over by another maintainer who made an update, but also added some trojan horse code to specifically attack certain users, which was obfuscated and remained undetected. Which has happened before - not just browser extensions are affected by malicious attackers taking over useful projects.

• project

  2 - -

foo = "0.1" git_foo = { git = "https://github.com/example/project", package = "foo" } custom_foo = { version = "0.1", registry = "custom", package = "foo" }

• InfluxDB

  www.influxdata.com featured

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• steal-ur-stuff

  8 21 0.0

  Steal Ur Stuff

Not only that it can run arbitrary code contained in a Gist and I showed this 4 years ago https://github.com/tanepiper/steal-ur-stuff

• asdf

  341 20,547 7.6 Shell

  Extendable version manager with support for Ruby, Node.js, Elixir, Erlang & more

  

It's a version manager. https://github.com/asdf-vm/asdf

Suggest a related project