Malware continues to flourish in open source repositories

Not talking about the usual suspects for Arch repos (as of now), but it is worth keeping an eye on and also remembering that just because something is supposedly “checkable”, most devs ignore it, including Open Source ones.

3 Likes

Another reason not to use Discord.

8 Likes

npm :rofl:

1 Like

Another reason not to use npm

2 Likes

Drew Devault was offering to pay people to delete their npm repos. I wonder if anyone took him up on it.
Hah :grinning:
https://drewdevault.com/2021/11/16/Cash-for-leftpad.html

4 Likes

Btw, what is an npm? Seems to be something to do with a command line client when I search it.

The package manager for NodeJS, a JavaScript engine which runs on the desktop.

Agree, I just use it because I have a lot of people there that I only know there and are reluctant to switch; the chicken and egg problem.

1 Like

This is always the case, isn’t it. I’m hesitant to claim most people don’t value privacy, but seeing how defensive people can be about their favorite applications, sometimes I wonder. Perhaps it is more accurate to claim most people aren’t aware of how invasive Discord and similar applications can be.

1 Like

https://wiki.archlinux.org/title/node.js_#Node_Packaged_Modules

It is always the case, sadly, with proprietary applications like these. I’ve been trying to move some of my friends to IRC; honestly, most of them would like to switch except for the same problem.

1 Like

Until there is observed strange behavior / internet activity by users … then the source is available to determine exactly what is going on.

So…what can we do about this? It looks like the infected packages were already suspicious based on their names alone. So…

What? What? I mean, what? There’s no virus???

And if so, show it…