Hidden Logic Bombs in Malware-Laced NuGet Packages Set to Detonate Years After Installation (thehackernews.com)
Posted by Kid@sh.itjust.works to Cybersecurity@sh.itjust.works · English · 13 days ago

solrize@lemmy.ml · 13 days ago
Well, do the packages tend to be closed source? .deb packages are also often just binary, but there is usually a separate source package available.

gwl@lemmy.blahaj.zone · 13 days ago
They vary by publisher

e8d79@discuss.tchncs.de · 13 days ago
Many packages are open source, some are not. Source code is usually not distributed via NuGet; you can instead use the project URL from the manifest to find the sources if they are available.
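
The manifest lookup described in the last comment, as an added example that is not part of the thread: it opens a `.nupkg` (a zip archive), reads the root `.nuspec`, and reports the `projectUrl` and `<repository>` links alongside the binaries the package actually ships. The package name, URLs and commit value are constructed sample data.

```python
import io
import xml.etree.ElementTree as ET
import zipfile


def local(tag):
    """Drop the XML namespace; nuspec schema namespaces differ between versions."""
    return tag.rsplit("}", 1)[-1]


def source_pointers(nupkg_bytes):
    """Return id, version, source links and shipped binaries of a .nupkg."""
    with zipfile.ZipFile(io.BytesIO(nupkg_bytes)) as pkg:
        names = pkg.namelist()
        # The manifest is the single *.nuspec file at the archive root.
        manifests = [n for n in names if "/" not in n and n.lower().endswith(".nuspec")]
        if len(manifests) != 1:
            raise ValueError("expected exactly one root .nuspec")
        root = ET.fromstring(pkg.read(manifests[0]))
    metadata = next((e for e in root if local(e.tag) == "metadata"), ())
    info = dict.fromkeys(("id", "version", "projectUrl", "repository", "commit"))
    for el in metadata:
        name = local(el.tag)
        if name in ("id", "version", "projectUrl"):
            info[name] = (el.text or "").strip() or None
        elif name == "repository":
            info["repository"], info["commit"] = el.get("url"), el.get("commit")
    # What executes is the compiled code, so list it for review as well.
    info["binaries"] = sorted(n for n in names if n.lower().endswith((".dll", ".exe")))
    info["has_source_pointer"] = bool(info["projectUrl"] or info["repository"])
    return info


def build_sample(nuspec_xml):
    """Constructed sample package: one manifest plus a placeholder DLL."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Example.Pkg.nuspec", nuspec_xml)
        z.writestr("lib/net8.0/Example.Pkg.dll", b"MZ placeholder")
    return buf.getvalue()


# Constructed manifest; every value below is a placeholder.
SAMPLE = """<?xml version="1.0"?>
<package xmlns="http://schemas.microsoft.com/packaging/2013/05/nuspec.xsd">
  <metadata>
    <id>Example.Pkg</id><version>1.2.3</version>
    <projectUrl>https://example.invalid/example-pkg</projectUrl>
    <repository type="git" url="https://example.invalid/example-pkg.git" commit="0000000" />
  </metadata>
</package>"""
```

The links in a manifest are publisher-supplied and say nothing about whether the shipped DLLs were built from that source, so a package with `has_source_pointer` set still needs its binaries reviewed.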