home.social

#walkwithoutrhythm — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #walkwithoutrhythm, aggregated by home.social.

  1. Woot ok now that I have the dependency graph crawled I can just ship the listing of known bad NPM packages and just compare directly against that.

    I updated the scanning script to alert if you have -any- version of an infected package.

    You're gonna want to be very careful if you're not infected but have one of these dependencies present.

    github.com/datapartyjs/walk-wi

    #ShalHulud #WalkWithoutRhythm #npm #github #javascript #cybersecurity #threatresponse

  2. At the end of scanning for obvious compromise the `check-projects` script then builds a listing of all of your dependencies and all of the versions your project files mention.

    You can find that info under `reports/`

    I'm currently working on improving the `check-projects` script so that it will alert you if ANY of your package.json or package-lock.json mentions a known infected package.

    #ShalHulud #WalkWithoutRhythm #npm #github #javascript #cybersecurity #threatresponse