NPM, Cargo & PyPi Are Broken By Design

Video Link: https://www.youtube.com/watch?v=evY5MuA9I-Y
Duration: 10:25

Once again another malicious package has been discovered in Cargo, and this one joins the massive and ever-growing list of times this has happened in registries with no third-party oversight, where anyone can publish a package under almost any name without review, such as NPM, Cargo, PyPI and more.
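The rustdecimal crate linked below was a near-miss name for a legitimate, widely used crate, which is the basic shape of the problem when a registry lets anyone publish. As an added example, not code from the video, from Drew DeVault's post or from the Rust project, here is a small pre-install gate in Python that checks every dependency name in a requirements-style file against a locally reviewed allow-list and flags names that collapse onto a reviewed package once separators and case are folded, or that sit one edit away from one. The allow-list, the `normalize`/`classify`/`gate` helpers and the sample requirements text are all constructed for illustration; the "reviewed" set stands in for whatever third-party review your organisation actually does.

```python
"""Added example: a dependency-name gate with typosquat detection.

Everything here is constructed for illustration; REVIEWED is a hypothetical
allow-list, not a real registry feed.
"""
import re
from typing import Dict, List, Set

# Hypothetical allow-list: package names a team has already reviewed.
REVIEWED: Set[str] = {"rust_decimal", "serde", "tokio", "requests", "lodash", "express"}

# Constructed sample input, shaped like a requirements.txt (not a real project file).
SAMPLE_REQUIREMENTS = """\
# constructed sample
requests==2.28.1
rustdecimal
numpy>=1.21
serde
"""


def normalize(name: str) -> str:
    """Fold case and separator noise. PyPI already folds '-', '_' and '.'
    together (PEP 503); dropping them entirely also makes 'rustdecimal',
    'rust-decimal' and 'rust_decimal' collide, which is the typosquat case."""
    return re.sub(r"[-_.]+", "", name.lower())


def levenshtein(a: str, b: str) -> int:
    """Standard edit distance (insert/delete/substitute), O(len(a)*len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(name: str, reviewed: Set[str] = REVIEWED, max_distance: int = 1) -> Dict[str, str]:
    """Return {'verdict': 'allowed'|'typosquat'|'unreviewed', 'near': <reviewed name or ''>}.

    Order matters: an exact allow-list hit wins; then a separator/case collision;
    then a small edit distance. The distance check is skipped for very short
    names because almost everything is within one edit of a four-letter word.
    """
    if name in reviewed:
        return {"verdict": "allowed", "near": name}
    norm = normalize(name)
    for r in sorted(reviewed):            # sorted for a deterministic 'near'
        if normalize(r) == norm:
            return {"verdict": "typosquat", "near": r}
    if len(norm) >= 5:
        for r in sorted(reviewed):
            if levenshtein(norm, normalize(r)) <= max_distance:
                return {"verdict": "typosquat", "near": r}
    return {"verdict": "unreviewed", "near": ""}


def parse_requirements(text: str) -> List[str]:
    """Pull bare package names out of requirements-style lines; comments and
    version specifiers are dropped. Assumes the simple 'name[op version]' form."""
    names: List[str] = []
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)", line)
        if m and not line.lstrip().startswith("#"):
            names.append(m.group(1))
    return names


def gate(requested: List[str], reviewed: Set[str] = REVIEWED) -> Dict[str, List[str]]:
    """Bucket every requested name; a CI job would fail on any 'typosquat' and
    require a human review ticket for anything 'unreviewed'."""
    report: Dict[str, List[str]] = {"allowed": [], "typosquat": [], "unreviewed": []}
    for name in requested:
        report[classify(name, reviewed)["verdict"]].append(name)
    return report


if __name__ == "__main__":
    for bucket, names in gate(parse_requirements(SAMPLE_REQUIREMENTS)).items():
        print(f"{bucket:10s} {names}")
```

The gate only encodes the cheap part of third-party oversight, a curated allow-list plus a name-similarity check; it does nothing about a reviewed package whose maintainer account is later taken over, which is why the list itself needs to be pinned to reviewed versions, not just names.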

==========Support The Channel==========
► $100 Linode Credit: https://brodierobertson.xyz/linode
► Patreon: https://brodierobertson.xyz/patreon
► Paypal: https://brodierobertson.xyz/paypal
► Liberapay: https://brodierobertson.xyz/liberapay
► Amazon USA: https://brodierobertson.xyz/amazonusa

==========Resources==========
Drew Devault Post: https://drewdevault.com/2022/05/12/Supply-chain-when-will-we-learn.html
Rustdecimal Package: https://blog.rust-lang.org/2022/05/10/malicious-crate-rustdecimal.html
Foreach Package: https://mastodon.social/@lrvick/108274062191145538

=========Video Platforms==========
🎥 Odysee: https://brodierobertson.xyz/odysee
🎥 Podcast: https://techovertea.xyz/youtube
🎮 Gaming: https://brodierobertson.xyz/gaming

==========Social Media==========
🎤 Discord: https://brodierobertson.xyz/discord
🎤 Matrix Space: https://brodierobertson.xyz/matrix
🐦 Twitter: https://brodierobertson.xyz/twitter
🌐 Mastodon: https://brodierobertson.xyz/mastodon
🖥️ GitHub: https://brodierobertson.xyz/github

==========Credits==========
🎨 Channel Art:
All my art was created by Supercozman
https://twitter.com/Supercozman
https://www.instagram.com/supercozman_draws/

#NPM #PackageManager #Linux #Cargo #PyPi

🎵 Ending music
Music from https://filmmusic.io
"Basic Implosion" by Kevin MacLeod (https://incompetech.com)
License: CC BY (http://creativecommons.org/licenses/by/4.0/)

DISCLOSURE: Wherever possible I use referral links, which means if you click one of the links in this video or description and make a purchase I may receive a small commission or other compensation.

Tags:
brodie robertson
brodie robertson linux
brodie robertson arch linux
package manager
package manager in linux
npm
npm package manager
pypi
pypi package manager
aur
linux aur
arch user repository
ruby gems
ruby gems package manager
node package manager
linux npm
npm linux
npm malicious package
cargo malicious package
npm package takeover
npm is bad
what is a package manager
cargo