A Self-Propagating npm Worm Is Actively Spreading Through Developer Environments
Posted by Big-Engineering-9365@reddit | programming | View on Reddit | 7 comments
programming-ModTeam@reddit
This content is low quality, stolen, blogspam, or clearly AI generated.
ScottContini@reddit
And the poster is a spammer.
lachlanhunt@reddit
People should really stop keeping credentials that allow publishing stored unencrypted on their dev machines. SSH keys should be encrypted with a strong password, and use read-only tokens, if needed at all, for npm. Publishing to npm should be handled via CI builds, not local dev machines.
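An added example, not part of the thread or any commenter's code: a local audit for the two things the comment above warns about, literal npm auth tokens in `~/.npmrc` and SSH private keys with no passphrase. The function names are hypothetical, the default npm and OpenSSH file locations are assumed, and the check cannot tell a read-only token from a publish token.

```python
import base64
import re
import struct
from pathlib import Path

MAGIC = b"openssh-key-v1\0"  # header of the OpenSSH private key format
# A literal token value; ${NPM_TOKEN}-style values come from the environment instead.
TOKEN_RE = re.compile(r"_authToken\s*=\s*(?!\$\{)\S+")


def key_is_unencrypted(text: str) -> bool:
    """True if `text` is a private key usable without a passphrase."""
    m = re.search(r"-----BEGIN ([A-Z ]*)PRIVATE KEY-----(.*?)-----END", text, re.S)
    if not m:
        return False  # public key, config, known_hosts, ...
    kind, body = m.group(1).strip(), m.group(2)
    if kind == "OPENSSH":
        try:
            blob = base64.b64decode("".join(body.split()))
        except ValueError:
            return False
        if not blob.startswith(MAGIC) or len(blob) < len(MAGIC) + 4:
            return False
        # First field after the magic is the length-prefixed cipher name.
        (n,) = struct.unpack(">I", blob[len(MAGIC):len(MAGIC) + 4])
        return blob[len(MAGIC) + 4:len(MAGIC) + 4 + n] == b"none"
    if kind == "ENCRYPTED":  # PKCS#8 encrypted key
        return False
    # Legacy PEM keys mark encryption with a Proc-Type header.
    return "Proc-Type: 4,ENCRYPTED" not in body


def audit_home(home: Path) -> list[str]:
    """Return findings; token values are never included in the output."""
    findings = []
    npmrc = home / ".npmrc"
    if npmrc.is_file():
        for i, line in enumerate(npmrc.read_text(errors="replace").splitlines(), 1):
            if not line.lstrip().startswith(("#", ";")) and TOKEN_RE.search(line):
                findings.append(f"{npmrc.name}:{i}: auth token stored in plaintext")
    ssh_dir = home / ".ssh"
    if ssh_dir.is_dir():
        for path in sorted(ssh_dir.iterdir()):
            if path.is_file() and key_is_unencrypted(path.read_text(errors="replace")):
                findings.append(f".ssh/{path.name}: private key has no passphrase")
    return findings


if __name__ == "__main__":
    for finding in audit_home(Path.home()):
        print(finding)
```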
hieu_dev@reddit
thanks
ScottContini@reddit
Wasn’t the fair words worm discovered two weeks ago?
BigHandLittleSlap@reddit
...again?
rocketbunny77@reddit
still... The fairwords/websocket thing is like 2 weeks old by now (I think)