Yet another npm supply-chain attack. Is Cargo any safer?

⚓ Rust    📅 2025-09-09    👤 surdeus    👁️ 9      


Yet another npm account has been compromised with malicious code. Sadly, it isn't the first time. So far I've never heard of a similar attack against crates.io. But is that because crates.io is fundamentally more secure, or just luckier? I'd like to believe the former, but I fear the latter. What can we do to prevent attacks like this one? cargo-vet is the best idea I've heard so far, but I think its uptake is low.
