New comment by dnaaun in "Maybe you shouldn't install new software for a bit"

dnaaun — Fri, 08 May 2026 06:32:03 +0000

Every dependency compromise that I can remember "in the past few months" were discovered in hours, if not minutes (litllm, axios, bitwarden CLI, Checkmarx docker images, Pytorch lightning, intercom/intercom-php). What's more, the discovery of these compromises did not at all rely on whether the compromises were actively used.

That's why I don't understand:

> If everyone starts waiting a week, their exploits will wait 2 weeks

Hacker News: dnaaun

New comment by dnaaun in "Maybe you shouldn't install new software for a bit"