this post was submitted on 28 Mar 2024
404 points (97.2% liked)
Technology
*bad Devs
Always look in the official repository. Not just to see if it exists, but also to make sure it isn't a fake/malicious one.
You'd be surprised how well someone who wants to can camouflage their package to look legit.
True. You can't always be 100% sure. But a quick check for download counts/version count can help. And while searching for it in the repo, you can see other similarly named packages and prevent getting hit by a typo squatter.
Besides, it's not just for security. What if the package you're installing has a big banner in the readme that says "Deprecated and full of security issues"? It's not a bad package per say, but still something you need to know.
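The pre-install check described in the two comments above, as an added example that is not part of the thread: it runs against a constructed snapshot of registry metadata (the package names, version counts, download figures and summaries are made up) so it works offline, and flags a missing package, a thin history, a look-alike of a far more popular name, and a deprecation notice.

```python
# Added example (not from the thread): a pre-install sanity check of the
# kind the comments describe, run against a constructed snapshot of
# registry metadata instead of a live index so it works offline.
from dataclasses import dataclass


@dataclass
class PackageInfo:
    name: str
    versions: int
    monthly_downloads: int
    summary: str


# Constructed sample registry snapshot (names and numbers are made up).
REGISTRY = {
    "requests":  PackageInfo("requests", 150, 300_000_000, "HTTP for Humans"),
    "requessts": PackageInfo("requessts", 1, 40, "HTTP for Humans"),
    "oldcrypto": PackageInfo("oldcrypto", 12, 5_000,
                             "DEPRECATED: unmaintained, known security issues"),
}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot similarly named packages."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_package(name: str, registry=REGISTRY, min_versions: int = 3,
                  min_downloads: int = 1_000) -> list[str]:
    """Return warnings for `name`; an empty list means nothing looked off."""
    warnings = []
    pkg = registry.get(name)
    if pkg is None:
        return [f"{name}: not found in the official registry"]
    if pkg.versions < min_versions or pkg.monthly_downloads < min_downloads:
        warnings.append(f"{name}: only {pkg.versions} version(s) and "
                        f"{pkg.monthly_downloads} downloads/month")
    # Look-alike names: a far more popular package within two edits of this one.
    for other in registry.values():
        if (other.name != name and edit_distance(name, other.name) <= 2
                and other.monthly_downloads > 100 * max(pkg.monthly_downloads, 1)):
            warnings.append(f"{name}: looks like a typo of '{other.name}'")
    if "deprecated" in pkg.summary.lower():
        warnings.append(f"{name}: README/summary says it is deprecated")
    return warnings
```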
*per se
https://en.m.wiktionary.org/wiki/per_se
Oh, TIL
Edit: *YourWeb