security

ChatGPT recommending random npm packages to install is a supply chain attack nightmare.

Building /bright-moments - minting onchain art IRL | /purple #15 | FID 129 #magikarp

Rome, Metropolitan City of Rome Capital, Italy

Just had a conversation with Feross, who is building a company to protect against software supply chain attacks. Super interesting conversation. Will post it soon!

Yeah, no kidding. That’s a great way to take down half the internet.

I thought I was paranoid because I always go to npm to look at the package, make sure it’s what I think it is, I’m using the correct package name, etc. 

Thank you for affirming I’m smart & not crazy, at least on this front.

sometimes ai is wrong 🤔 we are all not perfect