Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
flexd
18 days ago
|
parent
|
context
|
favorite
| on:
Shai-Hulud Returns: Over 300 NPM Packages Infected
no, because if you used dependency cooldown you wouldn't be using the latest version when you start your project, you would be using the one that is <cooldown period> days/versions old
edit: but if that's also compromised earlier... \o/
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
edit: but if that's also compromised earlier... \o/