Replies: 1 comment
And again: 300 npm packages infected on 24/Nov/2025: https://news.ycombinator.com/item?id=46032539
Is this project implementing dependency cooldowns or something similar?
-
I'm hearing a lot about npm packages getting compromised with malware recently:
Today: tinycolor + 40 other packages: https://news.ycombinator.com/item?id=45260741
8 days ago: debug and chalk: https://news.ycombinator.com/item?id=45169657
2 months ago: eslint-config-prettier: https://news.ycombinator.com/item?id=44609732
I guess Salesforce CLI doesn't use any of these but what approach does the project have in general to making sure npm packages are safe? How often are imported packages updated?