- 4 Posts
- 4 Comments
Joined 1 year ago
Cake day: July 12th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
5·1 year agohttps://blog.phylum.io/sophisticated-highly-targeted-attacks-continue-to-plague-npm/
tl;dr several packages were recently published to npm that appear to be subtle command and control. Behaviors of the infrastructure seem to mimic those recently identified by Phylum as being nation state activity from North Korea.
2·1 year agoSlackware was my first Linux distro
we’re working on a third party solution for this. Should have some updates that sandbox cargo builds shortly.
https://github.com/phylum-dev/birdcage
It’s a cross-platform sandbox that works on Linux via Landlock and macOS via Seatbelt. We’ve rolled this into our CLI (https://github.com/phylum-dev/cli) so you can do thinks like:
For example for npm, which currently uses the sandbox:
We’re adding this to cargo to similarly sandbox crate installations. Would love feedback and thoughts on our sandbox!