pull down to refresh
Installing npm packages feels like playing russian roulette these days.This is 100x times worse than the other attack.
Time for a new NPM / package registry using nostr keys? And integrating split payments as well! (which @getalby already has working I think).
So it sounds like it isn't just a supply chain attack anymore-- It's a Trojan horse via supply chain that can replicate. Reminds me of early 2000's viruses.
Installing npm packages feels like playing russian roulette these days.
This is 100x times worse than the other attack.
Time for a new NPM / package registry using nostr keys? And integrating split payments as well! (which @getalby already has working I think).
So it sounds like it isn't just a supply chain attack anymore-- It's a Trojan horse via supply chain that can replicate. Reminds me of early 2000's viruses.