| ▲ | PokestarFan 4 days ago | |||||||||||||
NPM is owned by GitHub and therefore Microsoft, who is too busy putting in Copilot into apps that have 0 reason to have any form of generative AI in them | ||||||||||||||
| ▲ | Cthulhu_ 4 days ago | parent | next [-] | |||||||||||||
But Github does loads of things with security, including reporting compromised NPM packages. I didn't know NPM is owned by Microsoft these days though, now that I think about it, Microsoft of all parties should be right on top of this supply chain attack vector - they've been burned hard by security issues for decades, especially in the mid to late 90's, early 2000s as hundreds of millions of devices were connected to the internet, but their OS wasn't ready for it yet. | ||||||||||||||
| ▲ | wutbrodo 4 days ago | parent | prev | next [-] | |||||||||||||
It's not like NPM pre-Microsoft was a paragon of professional management or engineering... | ||||||||||||||
| ||||||||||||||
| ▲ | bnchrch 4 days ago | parent | prev | next [-] | |||||||||||||
Good god. Not everything has to be about your opinion on AI. | ||||||||||||||
| ||||||||||||||
| ▲ | txdv 3 days ago | parent | prev | next [-] | |||||||||||||
Just write a check.md instruction for copilot to check it for malicious acticity, problem solved | ||||||||||||||
| ▲ | andix 4 days ago | parent | prev [-] | |||||||||||||
Is it really owned and run by Microsoft? I thought they only provide infrastructure, servers and funding. | ||||||||||||||