progbits 3 hours ago

NPM is owned by GitHub/Microsoft. I'm sure they could afford to buy one of these products or just build their own, but clearly security is not a thing they care about.

codazoda 3 hours ago | parent | next [-]

Somehow I didn't realize GitHub purchased npm in 2020. GitHub is the second word on npmjs.org. How did I not notice?

octo888 3 hours ago | parent [-]

Microsoft: GitHub, NPM, TypeScript, VS Code, OpenAI, Playwright

A lot of fingers in a lot of pies

kjok an hour ago | parent | prev | next [-]

Why should MS buy any of these startups when a developer (not any automated tech) found the malware? It looks like these startups did after-the-fact analysis for PR.

foobarbecue 3 hours ago | parent | prev [-]

Can't help noticing, in the original article:

> The entire attack design assumes Linux or macOS execution environments, checking for os.platform() === 'linux' || 'darwin'. It deliberately skips Windows systems

If I were the conspiracy-minded sort I might jump to some wild conclusions here.

acomjean an hour ago | parent [-]

I’m using Windows again. By default Windows has “PowerShell” which is not at all like bash and is (how do I say this diplomatically)… wanting.

I mean it says something that they developed the Linux Subsystem for Windows, but it’s an optional install.