Security Engineers: "Automatically patch all the things right away!"
NPM infection # 683735
"... okay maybe wait a couple weeks on patching things ..."
@JessTheUnstill
I mean if you're using npm the malware is the least of your problems.
So somehow simultaneously hash pin all of your dependencies, but also remember to update the hashes constantly to whatever is 2 weeks old, but nothing in there has any sort of testing rings so you can just pin to stable... And even if they did, if the CI/CD is popped, they could just update the tags anyways.
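A minimal audit of the two controls this reply is talking about, pinned integrity hashes plus a cooldown before adopting a new version, as an added example that is not part of the thread. The lockfile and the registry publish times are constructed inline so it runs offline; in practice the timestamps come from the `time` field of a package's registry metadata.

```python
# Added example (not from the thread): audit an npm package-lock.json for the
# two controls discussed above: every dependency pinned by an `integrity` hash,
# and no pinned version younger than a cooldown period. Registry publish times
# are constructed inline so this runs offline; in practice they come from the
# `time` field of https://registry.npmjs.org/<package>.
import json
from datetime import datetime, timedelta, timezone

MIN_AGE_DAYS = 14  # "wait a couple weeks"

# Constructed lockfile in lockfileVersion 3 shape; hashes are placeholders.
LOCKFILE = json.loads("""{
  "name": "demo", "lockfileVersion": 3,
  "packages": {
    "": {"name": "demo"},
    "node_modules/old-reliable": {"version": "1.3.0",
      "integrity": "sha512-PLACEHOLDER_HASH_A=="},
    "node_modules/fresh-lib": {"version": "2.0.1"}
  }
}""")

# Constructed registry metadata: package -> version -> publish timestamp.
REGISTRY_TIME = {
    "old-reliable": {"1.3.0": "2023-01-10T00:00:00.000Z"},
    "fresh-lib": {"2.0.1": "2024-06-12T09:30:00.000Z"},
}
NOW = datetime(2024, 6, 15, tzinfo=timezone.utc)


def audit(lockfile, registry_time, now, min_age_days=MIN_AGE_DAYS):
    """Return (package, problem) findings; an empty list means the lockfile passes."""
    findings = []
    for path, meta in lockfile["packages"].items():
        if path == "":
            continue  # root project entry, not a dependency
        name = path.rsplit("node_modules/", 1)[-1]
        version = meta.get("version")
        if "integrity" not in meta:
            findings.append((name, "missing integrity hash"))
        published = registry_time.get(name, {}).get(version)
        if published is None:
            findings.append((name, f"no publish time for {version}"))
            continue
        age = now - datetime.fromisoformat(published.replace("Z", "+00:00"))
        if age < timedelta(days=min_age_days):
            findings.append((name, f"{version} is only {age.days} days old"))
    return findings
```

Run `audit(LOCKFILE, REGISTRY_TIME, NOW)` to see the two findings against `fresh-lib`; a lockfile that passes returns an empty list, which is the condition a CI gate would require before `npm ci` runs.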
@JessTheUnstill do the bugs in the code apply to AI detected bugs? 😁
"99 little bugs in the code
take one down, patch it around
127 little bugs in the code"
@[email protected] "There's about five hundred thousand more valuable targets with the same vulnerability, so just think of it like Russian roulette with a 500,000 shot revolver. That shoots like a really fast machine gun. I'm losing this metaphor, aren't I?"