*dons flat cap* In my day, you knew a site was hacked because you’d be greeted with green-on-black text stating the site was “0wned” by the “hackersaurus” and their “l33t crew”. You’d also get a few animated GIFs of skulls, and if you were really lucky, a picture of a big ol’ arse. But now… now it’s all stealthy crypto bullshit.
Jake Archibald on hacking.
This entire article is about what happens when packages (y’know, those bits of other people’s code you include in your code) go bad, which is also an interesting topic aside from the quote above that made me lol.
It’s called a supply chain attack, incidentally, and they’re getting more and more common. I mean, why hack one thousand apps when instead you can hack just one and get auto-updated into the thousand that use it as a dependency?