Nicholas Zakas
When you treat these attacks as a nuisance,
you leave the door open for more sophisticated attacks that are going to cause more trouble in the future.
And I don't know what those look like.
I mean, I could imagine another type of situation where we had the crypto stealing package.
What if that wasn't targeting a crypto website?
What if that was targeting a major banking website, or a major stock exchange website?
What would happen in that situation?
And those people who lost money through an NPM package that was compromised, would they even understand what was going on?
Or would it just be like, oh, by virtue of being on the laptop, I just got screwed.
So I feel like that bigger attack is coming if something major doesn't change.
I don't.
I've only had direct contact with one person.
And I don't feel at liberty to discuss what we've talked about.
But I don't have an idea of how big the team is.
My only sense is that it's fairly small.
Yeah, I mean, I think last year I opened up an issue on NPM and maybe by the end of the year it got a response, like not even a like, oh, this is a good idea, this is a bad idea, just a like...
Oh, hey, that's interesting.
And that was a good indicator to me that it was probably not resourced appropriately.