Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Am I understanding right that machines without npm aren't affected by this particular strain?

The headline got my heart going pretty good this morning.



The PKGBUILD files specified npm as a dependency, so it would've been installed prior to installing the malicious file, so not having npm is by no means a guarantee.


There is a link to a shell script in the article to check if you have any impacted package installed.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: