Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
Supply-chain attack using invisible code hits GitHub and other repositories
(
arstechnica.com
)
2 points
by
pabs3
2 days ago
|
hide
|
past
|
favorite
|
1 comment
help
tcbrah
2 days ago
[–]
the fact that github still renders Private Use Area codepoints as whitespace instead of flagging them is wild tbh. like we've known about this vector since 2024 and npm/github just shrugged
reply
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
reply