Boosted by keul@fosstodon.org ("Luca Fabbri"):
acdha@code4lib.social ("Chris Adams") wrote:
The NPM Axios package maintainer suffered an account takeover:
Even if you’re unaffected now, it’s a great time to set a dependency cooldown period for everything you use.
If you use #NodeJS, enable minimum package age in NPM/PNPM/Bun/Yarn.
If you use #Python, enable exclude-newer in uv, minimum age in pip, or help the Poetry maintainers finish the open PR: https://github.com/python-poetry/poetry/pull/10763
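The "cooldown" the post recommends is just a rule over publish timestamps: ignore any version that has been on the registry for fewer than N days. The following Python is an added illustration (not part of the post, and not any package manager's own code) of that selection rule; it assumes the npm registry's real `time` map (version to ISO 8601 publish time), but the sample data and the `NOW` clock are constructed.

```python
"""Dependency cooldown: choose the newest release that is at least N days old.

Illustration added here; the `time` map shape matches the npm registry's
package document, but SAMPLE_TIME and NOW below are constructed values.
"""
from datetime import datetime, timedelta, timezone

# Constructed `time` map: the newest entry is exactly the kind of
# fresh release a cooldown period is meant to skip.
SAMPLE_TIME = {
    "created": "2023-01-01T00:00:00.000Z",
    "modified": "2025-09-02T10:00:00.000Z",
    "1.6.0": "2023-11-01T12:00:00.000Z",
    "1.7.9": "2025-07-01T09:30:00.000Z",
    "1.8.0": "2025-09-02T10:00:00.000Z",
}
NOW = datetime(2025, 9, 3, tzinfo=timezone.utc)  # constructed "current time"


def parse_ts(ts: str) -> datetime:
    """Parse the registry's UTC timestamp format into an aware datetime."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def version_key(version: str) -> tuple:
    """Numeric sort key for plain x.y.z versions (pre-releases are skipped below)."""
    return tuple(int(part) for part in version.split("."))


def eligible_versions(time_map: dict, now: datetime, min_age_days: int) -> dict:
    """Return only stable versions published at or before now - min_age_days."""
    cutoff = now - timedelta(days=min_age_days)
    return {
        ver: ts
        for ver, ts in time_map.items()
        if ver not in ("created", "modified")  # metadata keys, not versions
        and "-" not in ver                      # ignore pre-release tags
        and parse_ts(ts) <= cutoff
    }


def newest_cooled(time_map: dict, now: datetime, min_age_days: int):
    """Newest version outside the cooldown window, or None if nothing qualifies."""
    eligible = eligible_versions(time_map, now, min_age_days)
    return max(eligible, key=version_key) if eligible else None


def in_cooldown(time_map: dict, version: str, now: datetime, min_age_days: int) -> bool:
    """True if a pinned version is still too fresh under the cooldown rule."""
    return version not in eligible_versions(time_map, now, min_age_days)
```

Running `newest_cooled(SAMPLE_TIME, NOW, 7)` yields `1.7.9`, skipping the day-old `1.8.0` that an unrestricted install would pick.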