5min chapter

The massive bug at the heart of npm (JS Party #282)

Changelog Master Feed

CHAPTER

The Impact of NPM on the Tooling World

NPM allows an attacker to hide install scripts or extra dependencies inside of a package. A lot of tools won't show those hidden installations, even though they're going to get installed and run. And so it really gives an attacker a pretty powerful tool to hide some of the stuff they might be up to. So this is where you can start to see there might be an issue here; in fact, there's actually a difference between the metadata that's being published separately from the actual tarball.
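The discrepancy described above, between the metadata a registry publishes for a version and the package.json inside the tarball, can be checked directly. The following is an added example, not code from the episode or from npm: it builds a constructed npm-style tarball in memory, reads its package.json, and diffs the dependencies and scripts against a constructed registry-side manifest, flagging install hooks that only the tarball declares. Package names and script contents are made-up sample values.

```python
import io
import json
import tarfile

# Constructed sample: what the registry's per-version metadata claims.
REGISTRY_METADATA = {
    "name": "example-pkg",
    "version": "1.0.0",
    "dependencies": {"left-pad": "^1.3.0"},
    "scripts": {"test": "node test.js"},
}

# Constructed sample: what package.json inside the published tarball says.
TARBALL_PACKAGE_JSON = {
    "name": "example-pkg",
    "version": "1.0.0",
    "dependencies": {"left-pad": "^1.3.0", "sneaky-dep": "1.0.0"},
    "scripts": {"test": "node test.js", "postinstall": "node setup.js"},
}

# Lifecycle scripts that run automatically at install time.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def build_tarball(package_json: dict) -> bytes:
    """Build an npm-style tarball (package/package.json) fully in memory."""
    buf = io.BytesIO()
    data = json.dumps(package_json).encode()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo("package/package.json")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def read_tarball_manifest(tarball: bytes) -> dict:
    """Read package/package.json out of a tarball without touching the disk."""
    with tarfile.open(fileobj=io.BytesIO(tarball), mode="r:gz") as tar:
        return json.load(tar.extractfile("package/package.json"))


def compare_manifests(registry: dict, tarball_manifest: dict) -> dict:
    """Diff dependencies/scripts; report tarball-only install hooks separately."""
    findings = {}
    for field in ("dependencies", "scripts"):
        reg, tar = registry.get(field, {}), tarball_manifest.get(field, {})
        only_tar = {k: v for k, v in tar.items() if reg.get(k) != v}
        only_reg = {k: v for k, v in reg.items() if k not in tar}
        if only_tar or only_reg:
            findings[field] = {"only_in_tarball": only_tar, "only_in_registry": only_reg}
    reg_scripts = registry.get("scripts", {})
    findings["hidden_install_hooks"] = sorted(
        k for k in tarball_manifest.get("scripts", {}) if k in INSTALL_HOOKS and k not in reg_scripts
    )
    return findings
```

Running `compare_manifests(REGISTRY_METADATA, read_tarball_manifest(build_tarball(TARBALL_PACKAGE_JSON)))` reports the extra dependency and the `postinstall` hook that the registry metadata never mentioned.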
