Preventing NPM Package Infections, Just Turning off Auto Update? #13992
Unanswered
gregbythebeach
asked this question in
Q&A
Replies: 2 comments 1 reply
-
This is a good question. Whenever npm is invoked, it looks like it starts its auto-update process before it does what it is asked for. This is truly annoying and made the great impact of the Shai-Hulud 2.0 worm possible. No software should auto-update before it is asked to do so. It should always keep copies of all package versions known to be compatible with the project. Version pinning.
-
So I just ran Gemini and it still auto-updated despite turning off the auto update in settings (see image), so what do I need to do to stop this?
-
I have no understanding of NPM, NODE's, JS, JSON, Packages. So I just want to make sure: if I turn off the auto update in the Gemini CLI settings, and I don't use NODE or CLI or JS for anything else, is there anything else I need to worry about auto updating and getting infections from?
Does NODE Auto Update?
Does my JavaScript .exe installation in the Windows programs section auto update?
Does NPM auto update?
Does JSON auto update?
Are any of these things I need to change settings in?
Thanks