sudo rm -rf --no-preserve-root /|Mar 24, 2026 17:51
the only sustainable threat model you must follow IMHO is "when I get compromised one day, do I actually lose anything?" this package was downloaded ~95m times last month. it sits deep in the dependency graph of many packages, i.e. it propagates fast. that's how you get contagious supply chain attacks. this time the malicious version was live for ~1 hour "only". next time it won't be very likely. it's not a question of if a foundational package gets widely compromised; it's _when_. and when it happens, the only thing that fucking matters is whether your system was designed to survive it.(sudo rm -rf --no-preserve-root /)
Share To
Timeline
HotFlash
APP
X
Telegram
CopyLink