re: npm package discovered to have bitcoin-stealing backdoor

re: Also keep in mind that huge companies and small startups alike all basically depend on the same graph of packages, and nobody noticed in time. I s...
 

I mean, programmers at large companies are still regular programmers. Most enterprises will use Artifactory and vet their dependencies, so I think the only people losing in this are the smaller shops that can't afford the people and infrastructure for mitigating security issues.

The issue was also about stealing cryptocurrency wallets, so it makes sense it went unnoticed.
