Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
themafia 2 days ago

Are those the ones typically involved in supply chain attacks?

There are no perfect solutions; but, let's be reasonable.

ArcHound 2 days ago | parent [-]

Actually, yes, they are the prime targets: https://en.wikipedia.org/wiki/Npm_left-pad_incident or seemingly https://en.wikipedia.org/wiki/XZ_Utils_backdoor as well.

themafia a day ago | parent [-]

xz has dozens of contributors and two active maintainers. It was the actual example I was thinking of. The code was submitted by a third party and not a result of a developer machine compromise.

left pad wasn't a security incident. It was a capitalism incident.