Monday, January 10, 2022

all the pretty (dangerous) colors

A while back I posted about a hypothetical trojan horse indicating a fundamental vulnerability in how people implicitly trust npm packages. 

Lately, the geekosphere is abuzz with "Dev corrupts NPM libs breaking thousands of apps."

Oddly enough, both that hypothetical(?) exploit and the current shenanigans involve "get colors in your javascript logging".

