Sure it is: don't do it. It's not like there isn't automated tooling for this, b... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		venturecruelty 66 days ago \| parent \| context \| favorite \| on: Shai-Hulud Returns: Over 300 NPM Packages Infected Sure it is: don't do it. It's not like there isn't automated tooling for this, but you can also like... I don't know, look at your diffs and not commit secrets? I've never committed a secret before, and I've been working with AWS for ten years now. But I don't "git commit -a" and I triple-check my diffs.

junon 66 days ago [–]

Shai Hulud isn't about accidentally committing secrets, nobody is suggesting that's what's happening. Not sure which comment thread you're reading.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact