Back to the feed

Red Hat's npm packages compromised, affecting dependent projects

Devtools Open source

Red Hat's npm packages compromised, affecting dependent projects

Hacker News·1w·kurmiashish

Maintainers of Red Hat Insights' JavaScript client packages discovered malicious code injected into their npm distribution. This is a reminder that supply chain attacks target popular dependencies—even those backed by established companies. Indie developers relying on these packages should audit their dependencies and consider the security posture of tools they build on.

Share𝕏 Reddit

Original story

Read the original on Hacker News

Related stories

⬢ HYVE SPOTLIGHT

HYVE Ether OS goes on pre-sale: a $499 sovereign AI operating system you actually own

Vibe Software Solutions·1d·Anthony S. Owens

claude-handoff-revive lets you resume Claude Code sessions without re-explaining everything

AI

claude-handoff-revive lets you resume Claude Code sessions without re-explaining everything

Hacker News Show HN·1w·sofumel

Zorilla lets you vibe-code a 3D game directly in the browser

Devtools

Zorilla lets you vibe-code a 3D game directly in the browser

Hacker News Show HN·1w·algera

AI

Approve Claude CLI prompts remotely via browser or mobile

Hacker News Show HN·1w·Witness327