what 3 days ago
Homebrew has been compromised before. To think it’s immune is a bit naive.
n8m8 3 days ago
Agreed that it's a bit funny given the context and no community-managed package manager should be 100% trusted. That said, I think rg is pretty well known to Linux daily-drivers and they just wanted to share something quickly for power users who want to check their workspaces quickly. Probably better to just instruct n00bs to use grep than install a whole CLI tool for searching. Come to think of it, I wonder if a 2-phase attack could be planned by an attacker in the future: Inject malware into a package, flood guidance with instructions to install another popular tool that you also recently compromised... lol
tripplyons 3 days ago
I'm not saying it's immune. I'm saying that NPM doesn't have as many protections, making NPM an easier target.