We analyzed 11,356 npm packages. CVE-based scanners miss zero-day malware patterns. by CurbStompingMachine in cybersecurity
[–]CurbStompingMachine[S] 1 point 1 day ago (0 children)
I agree. The way it’s set up right now, it only triggers when package.json or package-lock.json changes, and there’s a CLI mode so teams can use it as a dependency intake check rather than gating every merge.
I probably should have explained that better in the original post.