Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
yoavm
33 days ago
|
parent
|
context
|
favorite
| on:
Shai-Hulud Returns: Over 300 NPM Packages Infected
If you started your Node project yesterday, wouldn't that mean you'd get the fix later?
flexd
33 days ago
|
next
[–]
no, because if you used dependency cooldown you wouldn't be using the latest version when you start your project, you would be using the one that is <cooldown period> days/versions old
edit: but if that's also compromised earlier... \o/
cluckindan
33 days ago
|
prev
[–]
Obviously you bypass the cooldown to fix critical issues.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
