/g/ - Technology

File: 1748554201026514.jpg (14 KB, 239x250)
>https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised

>addresses that are siphoning away crypto

>the email that scammed
>https://imgur.com/a/q8s235k

npm is a cancer on this world
>>
>>106523894
Drew Devault was right about the package managers.
Cargofaggots, take note.
>>
there's transactions worth tens of thousands on just 1 wallet from a list of 200

uh oh
>>
>is-arrayish
>severity: critical

how will webdevs cope with this?
>>
>>106523894
This is why you should never upgrade
>>
File: 1757356346896.png (120 KB, 1266x617)
>>106523894
>is-arrayish
>used by: 30 MILLION
Fucking retards, webdevs are such retards.
The entire package is just this btw.
module.exports = function isArrayish(obj) {
    if (!obj || typeof obj === 'string') {
        return false;
    }

    return obj instanceof Array || Array.isArray(obj) ||
        (obj.length >= 0 && (obj.splice instanceof Function ||
            (Object.getOwnPropertyDescriptor(obj, (obj.length - 1)) && obj.constructor.name !== 'String')));
};

btw JS is such a horrible language ...
>>
>>106524589
C++ would do the same.
>>
>npmjs.help
What a retard
>>
but is isEven compromised???
>>
when will freetards learn?
just use windows, problem solved!
>>
>>106523894
why the fuck would anyone ever trust/click a link in an email? are these people 70yo or something??
>>
>>106523894
yeah nice, fuck packages, fuck npm, I was right since the beginning
>>
I almost shat myself reading this in the GitHub advisory
>Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.
Thankfully it doesn't affect developer machines.
Fucking retarded. Shit like this dissuades me from touching webjeet ever again.
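The advisory quoted above says to treat any machine with the bad versions installed as compromised, so the first thing to know is whether a project actually pulled one in. The script below is an added example, not code from the thread or from the advisory it links: it walks a package-lock.json (lockfileVersion 2/3 layout) and reports every installed copy whose exact name@version is on a block list. The COMPROMISED entries are placeholders, since the thread never lists the affected versions; the sample lockfile is constructed.

```javascript
// Added example, not code from the thread or from the advisory it links:
// check a package-lock.json for installed packages whose exact
// name@version is on a block list. COMPROMISED holds PLACEHOLDER entries;
// fill it from the advisory, since the thread does not list the versions.
const COMPROMISED = new Set([
  'debug@0.0.0-placeholder',       // placeholder, not a real bad version
  'chalk@0.0.0-placeholder',       // placeholder
  'is-arrayish@0.0.0-placeholder', // placeholder
]);

// lockfileVersion 2/3 lockfiles keep every installed copy under "packages",
// keyed by its path: "node_modules/chalk" or, for a nested duplicate,
// "node_modules/foo/node_modules/chalk". The name is the part after the
// last "node_modules/"; a clean top-level copy does not clear a bad nested one.
function findCompromised(lock, blockList = COMPROMISED) {
  const hits = [];
  for (const [key, entry] of Object.entries(lock.packages || {})) {
    const idx = key.lastIndexOf('node_modules/');
    if (idx === -1) continue; // '' is the root project; workspace entries have no node_modules/ prefix
    const name = key.slice(idx + 'node_modules/'.length);
    const id = `${name}@${entry.version}`;
    if (blockList.has(id)) hits.push({ path: key, name, version: entry.version });
  }
  return hits;
}

// Constructed sample: clean chalk at top level, but a dependency "foo"
// pins its own nested chalk to the placeholder bad version.
const SAMPLE_LOCK = {
  name: 'sample-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'sample-app', dependencies: { chalk: '^5.0.0', foo: '1.0.0' } },
    'node_modules/chalk': { version: '5.3.0' },
    'node_modules/debug': { version: '4.3.4' },
    'node_modules/foo': { version: '1.0.0', dependencies: { chalk: '0.0.0-placeholder' } },
    'node_modules/foo/node_modules/chalk': { version: '0.0.0-placeholder' },
  },
};

// Read a real lockfile from disk (path given on the command line).
function scanLockfile(path) {
  const fs = require('fs');
  return findCompromised(JSON.parse(fs.readFileSync(path, 'utf8')));
}

if (typeof require !== 'undefined' && require.main === module) {
  const hits = process.argv[2] ? scanLockfile(process.argv[2]) : findCompromised(SAMPLE_LOCK);
  for (const h of hits) console.log(`HIT ${h.name}@${h.version} at ${h.path}`);
  process.exitCode = hits.length ? 1 : 0;
}
```

Run it as `node scan.js package-lock.json`; with no argument it scans the built-in sample and reports the nested chalk copy. The point of walking every "node_modules/" path rather than the top-level dependencies list is that a clean direct dependency says nothing about the copies its own dependencies pinned.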
>>
>>106525294
Apparently 2FA makes you do it. I never enable 2FA so I wouldn't know.
>>
>>106525694
This is true and standard practice for any malware that got access to a system.
>>
>>106523926
Kill yourself, Drew
>>
>>106524654
C++ doesn't have package managers
>>
>>106525724
Not Drew, but it is fairly obvious that the guy knows what he is talking about ...
>>
>>106525744
I mean code-wise. Also they would just put it into boost.
>language specific package managers
Fucking retarded.
>>
This wouldn't be a problem if they had signed packages like Maven central. But no, mention package signing and they all recite their favorite 12 year old blog post verbatim.
https://caremad.io/posts/2013/07/packaging-signing-not-holy-grail/
These people are idiots. They're like children playing with loaded guns.
>>
I don't touch webshit, what are these packages for?
>>
>>106525755
boost is not run by one person so it would be impossible.
Node has literal thousands of sub 100 LoC packages with >10M downloads that are owned by one person. That is what makes it so vulnerable.
>>
>>106525753
Please refer to >>106525724
>>
>>106524432
the moral of the story here is don't keep your wallets on your computer? don't use them with a bleeding edge setup?
>>
fucking webjeet niggers i swear to god
>>
>>106524589
Reminder that the majority of the websites you use, including this piece of shit, is filled with libraries like this.

Module support, import and similar was the worst thing to happen to JS, to ECMA at large.
It allowed garbage-tier "developers" in to webdev.
Librarymonkeys need shot.
Now we have an even worse plague - fucking vibecodemonkeys.
>>
>>106525853
>trying to gatekeep nigger jeet webdev
lmao sit down you dont get to look down on anyone you subhuman
>>
>>106523894
So did it work? anyone got their crypto transactions altered?
also i would have fallen for it ngl
>>
>>106525694
Based. Developer chads win again. Thank god the mere act of coooooding means I'm safe from malware
>>
>>106525694
>he doesnt know
>>
>>106525786
revolutionary things that before AI were impossible for mere mortals to code by themselves like "checking if a number is even or odd"

before you think i'm being hyperbolic and fucking with you,
https://www.npmjs.com/package/is-even
>>
>>106524589
ironically LLMslop solves this since it will write its own functions for all this shit and loves to reinvent the wheel
>>
>>106525924
yeah, one of the 200 wallets had tens of thousands of vbux siphoned through it when i last checked >>106524078
>>
>>106525980
>code tabs allows you to see the code
>it's marked as beta
Why?
>it requires javascript to be enabled to show the code
To run malware in my browser?
>>
https://www.npmjs.com/package/is-odd?activeTab=code
>checking whether a number is odd can throw an exception
God I'm so glad to be a cnile.
>>
>>106525980
what does this return if you run it on things like 2.5, pi, i, etc
>>
>>106526029
idk but im pretty sure mathematically speaking those numbers are not even and therefore can only be odd
>>
>>106526029
Exception. Just of the type "Exception", which means nobody considered that you might want to catch this error.
>>
>>106526058
>"Exception"
Actually "Error", but the argument doesn't change.
>>
>>106526058
what type of exception should you even return? NotAnInteger?
>>
>>106526060
>odd infinities
>even infinities

there's all kinds of infinities retard, uneducated fuck, wanna feel alive again? some infinities are bigger than others... WOOOOW HOLYT SHIT did i break you stupid small ape brain?
>>
>>106526029
  if (!Number.isInteger(n)) {
    throw new Error('expected an integer');
  }


reminder that these are the people who parrot LEARN TO CODE and bemoan jeets taking their jobs and that your job is a Bullshit Job if it's not coooooding
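The two questions raised above (what the check returns for 2.5, pi and the like, and what kind of exception it should throw) are answered by the added example below. It is my code, not is-odd's: the check accepts only safe integers or BigInts, rejects everything else with a dedicated NotAnIntegerError that subclasses TypeError, so a caller can catch exactly that failure instead of a bare Error, and classify() shows the result for a batch of constructed inputs.

```javascript
// Added example, not the is-odd package's own code: an integer-only parity
// check with a dedicated error class for invalid input.
class NotAnIntegerError extends TypeError {
  constructor(value) {
    super(`expected a safe integer, got ${describe(value)}`);
    this.name = 'NotAnIntegerError';
    this.value = value; // keep the offending input for the catching code
  }
}

// Human-readable rendering of an input, used in error messages and as
// classify() keys. Distinguishes -0, BigInt and strings from plain numbers.
function describe(v) {
  if (typeof v === 'number') return Object.is(v, -0) ? '-0' : String(v);
  if (typeof v === 'bigint') return `${v}n`;
  if (typeof v === 'string') return JSON.stringify(v);
  return `${typeof v} ${String(v)}`;
}

function isOdd(n) {
  if (typeof n === 'bigint') return n % 2n !== 0n;
  // Rejects floats (2.5, Math.PI), NaN, +/-Infinity, strings such as '3',
  // null/undefined, and integers beyond 2^53 that cannot be represented exactly.
  if (!Number.isSafeInteger(n)) throw new NotAnIntegerError(n);
  return n % 2 !== 0; // holds for negatives too: -3 % 2 === -1
}

function isEven(n) {
  return !isOdd(n);
}

// Classify a batch of inputs: map of describe(input) -> 'odd' | 'even' | 'error: ...'.
// Only NotAnIntegerError is absorbed; anything else propagates.
function classify(values) {
  const out = {};
  for (const v of values) {
    try {
      out[describe(v)] = isOdd(v) ? 'odd' : 'even';
    } catch (e) {
      if (!(e instanceof NotAnIntegerError)) throw e;
      out[describe(v)] = 'error: ' + e.message;
    }
  }
  return out;
}

if (typeof require !== 'undefined' && require.main === module) {
  // Constructed inputs covering the cases asked about in the thread.
  console.log(classify([3, -3, 0, -0, 2.5, Math.PI, NaN, Infinity, '3', 2n ** 70n + 1n]));
}
```

Putting the rejection in a named error type is what makes "throw on a non-integer" usable: a caller can write `catch (e) { if (e instanceof NotAnIntegerError) ... }` and still let genuine bugs surface, which a bare `new Error('expected an integer')` does not allow.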
>>
>>106526029
In a normal language, a compile error happens before you even try to run it
>>106525785
“It’s not a 100% bulletproof solution so therefore we shouldn’t try it at all” has got to be one of the dumbest arguments I’ve ever heard and it’s insane how much it’s used. On the other hand, these are the people who are solely responsible for 99.99999% of web-based security holes by the mere existence of automatically executing arbitrary user-provided programs as a concept anyone accepts as reasonable so they’re probably not the ones anybody should be asking
>>
>>106526167
>In a normal language, a compile error happens before you even try to run it
have you ever heard of input? you can't catch it at compile time lol
>>
>>106523926
Your skull deserves to be smashed in, Drew.
You accomplished nothing in your life and your death would be for the better.
>>
>>106525785
>signed packages
Certificate bullshit has never fixed anything. Kill yourself.
>>
>>106523926
>Drew Devault was right about the package managers.
link to post?
>>
>>106526210
I have. Have you heard of making sure a function that only makes sense to run on integers only accepts integers and if you want floats (eg from user input) you have to cast them to integers separately? It’s called strong typing and it’s fucking amazing
>>
File: drew.png (1011 KB, 1250x1682)
>>106523926
Sorry Drew, but GingerBill just released an article shitting on package managers, and unlike you, he's not a huge narcissistic pedophile faggot.
>>
>>106526250
https://harelang.org/documentation/faq.html
>Moreover, Hare is culturally distinct from Rust, for example we have no package manager and encourage less code reuse as a shared value
>>
>>106526352
Link?
>>
>>106523894
no, phishing is.
it's clear we need a password alternative like, yesterday that would prevent this, but passkeys are judaic. why is this such a hard field to solve? ssh can do TOFU to validate sites and also has a working pubkey infra.
>>
>>106526352
Odin nigger is also a midwit so who cares what he just released.
>>
>>106526371
im not enrolling in an entire chain of trust certificate program just to download a package that tells me whether a number is divisible by 2 (and throws an exception when it is given an integer instead of a string)
>>
File: (You) to fuck off.png (950 KB, 1080x810)
>>106526392
Whatever Drew
>>
>>106526371
>ssh can do TOFU to validate sites
now the same sentence but without gay acronyms
>>
>cryptofaggots' shit is powered by literally fucking unironically JAVASCRIPT
I always knew this shit was nothing but a fucking ponzi scheme
>>
>>106526421
Good. It should be difficult to install packages so you’re encouraged to only install the ones you *actually* need and only update it when you need new features or fixing CVEs
>>
>>106526737
but how else can i possibly know if a number is 2?


