u/qwertydiy

▲ 30 r/npm+2 crossposts

Staged publishing for npm packages | npm Docs

This should hopefully reduce the spread of the recent Shai Hulud attacks on npm but they are reliant on you catching the bugs in transit meaning you need to assume still that packages are compromised (I know, bummer). Think of it more as a reduction in spread rate the a treatment or cure.

docs.npmjs.com

u/qwertydiy — 1 day ago

▲ 69 r/linuxadmin+1 crossposts

9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros (Yes there is another one, only a CVS 5.5 though this time, still looks pretty bad though)

We better update when the next patch comes ASAP. Too bad way too many companies and distros don't do that. This one was found by a human team (Qualys) though.

thehackernews.com

u/qwertydiy — 2 days ago