Hacker News new | past | comments | ask | show | jobs | submit login

I suppose that could happen in a malicious tutorial or comment/post with the snippet, like in a StackOverflow answer.



The attacker would need to leave more footprints to do this, but yes. It is common for people to pipe up with "I wrote a thing that does this" and I imagine that results in people picking up odd packages.

I think an experienced programmer probably would be less likely to do this, but perhaps a junior programmer working on a system that no one wants to support anymore introduces a "bad" module.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: