Hacker News
Sabotage: Code added to popular NPM package wiped files in Russia and Belarus (arstechnica.com)
17 points by albuwab on March 18, 2022 | 2 comments

Russian or not, anyone still using that package is insane.

The problem is people may not even know they are using the package. This is why good Config Management and inventory are so vital to any dev team. And a sandbox to spin up updates and test before prod deployment.
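
An added example, not part of the thread: one way to check an inventory for a package that arrives only as a transitive dependency is to walk the project's `package-lock.json` and report the chain that pulls it in. The function names and every package name and version in the sample lockfile are constructed for illustration, and peer dependencies are not followed.

```javascript
// Added example: walks a parsed package-lock.json (lockfileVersion 2 or 3).
const NM = "node_modules/";
// Package name encoded in a lockfile key such as "node_modules/a/node_modules/@s/b".
const nameOf = (path) => path.slice(path.lastIndexOf(NM) + NM.length);

// Resolve `dep` as Node does: own node_modules first, then each ancestor's.
function resolve(packages, from, dep) {
  for (let base = from; ; ) {
    const candidate = (base ? base + "/" : "") + NM + dep;
    if (candidate in packages) return candidate;
    if (base === "") return null; // not installed, e.g. a skipped optional dep
    const cut = base.lastIndexOf("/" + NM);
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Breadth-first walk from the root project. Returns one shortest dependency
// chain for each installed copy of `target`.
function findChains(lock, target) {
  const packages = lock.packages || {};
  const parent = new Map([["", null]]);
  const label = (p) => (p === "" ? "(root)" : `${nameOf(p)}@${packages[p].version}`);
  const chains = [];
  for (const queue = [""]; queue.length; ) {
    const path = queue.shift();
    if (nameOf(path) === target) {
      const chain = [];
      for (let p = path; p !== null; p = parent.get(p)) chain.unshift(label(p));
      chains.push(chain.join(" > "));
    }
    const pkg = packages[path] || {};
    const deps = { ...pkg.dependencies, ...pkg.optionalDependencies,
      ...(path === "" ? pkg.devDependencies : {}) };
    for (const dep of Object.keys(deps)) {
      const hit = resolve(packages, path, dep);
      if (hit !== null && !parent.has(hit)) { parent.set(hit, path); queue.push(hit); }
    }
  }
  return chains;
}

// Constructed lockfile excerpt; every package name and version is made up.
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "": { name: "example-app", dependencies: { "build-tool": "^3.0.0" } },
  "node_modules/build-tool": { version: "3.1.0", dependencies: { "cli-helper": "^0.4.0", "risky-pkg": "^1.0.0" } },
  "node_modules/build-tool/node_modules/risky-pkg": { version: "1.0.0" },
  "node_modules/cli-helper": { version: "0.4.2", dependencies: { "risky-pkg": "^2.0.0" } },
  "node_modules/risky-pkg": { version: "2.0.0" },
} };
```

In the sample, the root project never lists `risky-pkg` itself, yet two copies are installed, each reached through `build-tool`.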
