GitHub has identified a low-volume social engineering campaign that targets the personal accounts of employees of technology firms. No GitHub or npm systems were compromised in this campaign. We’re publishing this blog post as a warning for our customers to prevent exploitation by this threat actor.
This is why my work will only use enterprise supported distros like RHEL. We don’t have the manpower to stay on top of every single package update to ensure they’re absolutely safe.
What does RHEL have to do about NPM package dependencies in software projects? A server or a developer’s desktop machine using RHEL would still be pulling the same packages from NPM as another other distro…unless I’m missing something?
No worries! I thought maybe RHEL had like their own NPM repo or something (I think NixOS has python packages, so that kind of thing isn’t unheard of), but then that didn’t really make sense so I wanted to make sure I was understanding.
This is why my work will only use enterprise supported distros like RHEL. We don’t have the manpower to stay on top of every single package update to ensure they’re absolutely safe.
What does RHEL have to do about NPM package dependencies in software projects? A server or a developer’s desktop machine using RHEL would still be pulling the same packages from NPM as another other distro…unless I’m missing something?
You’re right, I’m a dumb dumb and misread the whole thing as RPM, whoops!
No worries! I thought maybe RHEL had like their own NPM repo or something (I think NixOS has python packages, so that kind of thing isn’t unheard of), but then that didn’t really make sense so I wanted to make sure I was understanding.