Hi, I'm Charlie from Aikido, as mentioned above. Yes, we detected it automatically, and I alerted Josh to the situation on BSky.
There's no reason why Microsoft/npm can't do what we're doing, or any of the other handful to dozen companies that do similar things to us, to protect the supply chain.
singulasar|5 months ago
The dev later said that Charlie notifying him probably shaved off some very important time for the remediation.
So in this case, 2 different companies found it using automated tech before anyone else.
CharlieEriksen|5 months ago
There's no reason why Microsoft/npm can't do what we're doing, or any of the other handful to dozen companies that do similar things to us, to protect the supply chain.