Snyk publishes malicious packages to the public NPM registry.
I'm no expert on ethics, but I believe that this is... frowned upon?
https://sourcecodered.com/snyk-malicious-npm-package/
https://news.ycombinator.com/item?id=42690473
https://snyk.io/blog/snyk-security-labs-testing-update-cursor-com-ai-code-editor/
=> More informations about this toot | View the thread | More toots from wdormann@infosec.exchange
text/geminiThis content has been proxied by September (ba2dc).