Multiple official @redhat-cloud-services npm packages were compromised with a credential-stealing worm derived from the open-sourced Mini Shai-Hulud malware, targeting cloud credentials and developer tooling across CI/CD pipelines.
So, let's all switch to Rust and use cargo… Oh, fuuu, wait, how about maven, they too? … It's in the nature of the thing. Assess your dependencies and get your SBOM monitored.
Can we all stop using npm at this point?
Sure, but npm is a target due to reach. It's happened with Python too.