Bitwarden CLI distributed through NPM has been compromised. Bitwarden Statement on Checkmarx Supply Chain Incident.
Posted by versionc@lemmy.world to Selfhosted@lemmy.world · English · 15 days ago · link: community.bitwarden.com · 79 comments

wizzim@infosec.pub · 14 days ago
Unfortunately I have to use node for a home project (Jellyfin tizen).
I was wondering: would it be possible to run node in a sandbox to lower the scope of the attack? (i.e. not compromise my home computer) Or is maybe a full VM a better solution?

PumaStoleMyBluff@lemmy.world · 14 days ago
Technically you can use node without npm.

captcha_incorrect@lemmy.world · 14 days ago
Wouldn’t version pinning solve this problem?

quick_snail@feddit.nl · 14 days ago
Jellyfin is available in apt.

wizzim@infosec.pub · 14 days ago
I need to build it; jellyfin-tizen is a separate project for Samsung TVs.

quick_snail@feddit.nl · 14 days ago
I think you need to throw out the Samsung TV to be secure.

quick_snail@feddit.nl · 14 days ago
Full VM and network isolation. And don't put anything important there (nor a reused password for auth).