Hacker News: dmix's comments

Our company uses yarn 4 which has an option to prevent you from installing an npm package for the first number of days of its release. Most of these seem to be caught within that timeframe (1-3 days).

https://gist.github.com/mcollina/b294a6c39ee700d24073c0e5a4e...


The package event-stream was compromised and went unnoticed for 60 days: https://medium.com/intrinsic-blog/compromised-npm-package-ev...

The package axios was compromised, and hijacked the author's credentials, so every attempt at a fix was unfixed. https://www.trendmicro.com/en_us/research/26/c/axios-npm-pac...

The xz utility was backdoored for 2 months: https://gigazine.net/gsc_news/en/20240403-timeline-of-xz-ope...

A student researcher took over Python ctx and PHPass package maintainership, pushing out malicious changes, and that took over 7 days to be detected and fixed: https://infosecwriteups.com/how-i-hacked-ctx-and-phpass-modu...

Kaspersky found multiple PyPI packages that had been exploited for more than a year: https://www.kaspersky.com/about/press-releases/kaspersky-unc...

"LofyLife" packages were exploited for several months: https://securelist.com/lofylife-malicious-npm-packages/10701...

Now that the attack window has changed to 7 days, all new exploits like these will come with time bombs to not trigger until 8 days.


Instant attacks are much easier and more common than delayed attacks. Security is an onion.

> Now that the attack window has changed to 7 days, all new exploits like these will come with time bombs to not trigger until 8 days.

Many automated scanners use static code analysis rather than run the installation script. Not all of them are caught, but a good part of them are and you'd be saved by a delay.


`pnpm` also has that and it's on by default since `v11`:

https://pnpm.io/settings#minimumreleaseage


It’s on by default in yarn 4 too now, but pnpm was the first to market that default minimum gate.

https://github.com/yarnpkg/berry/pull/7135


If this were a universal default, would the strategy defeat itself?

Even if everyone used it, the security scanners would still have time to do their static analysis of new packages. Basically, all the clients implementing a delay would create a de facto quarantine status for new packages so they can be examined before everyone starts installing them. (Why npm doesn't just implement that themselves, I do not know.)

No.

Many places run analyzers on published code; many security users have reason to shorten the period. The default period becomes the period where white hats have a chance to detect it and stop it passing the threshold.


uv supports the same for any Python developers out there: https://docs.astral.sh/uv/concepts/resolution/#dependency-co...

pip has recently added a similar option, i.e.

`pip install --uploaded-prior-to P7D pre-commit`

https://pip.pypa.io/en/stable/cli/pip_install/#cmdoption-upl...


Sadly I haven't seen that Visual Studio/Rider/dotnet/VS Code have such a feature for the C#/dotnet ecosystem.

Yep, a bummer. The devs don't even consider it a priority, too busy designing the feature:

https://github.com/NuGet/Home/issues/14657#issuecomment-3573...


And somehow poetry doesn’t in 2026.

I don't use poetry anymore but do check the updates before claiming such things

https://python-poetry.org/blog/announcing-poetry-2.4.0/


May 3rd 2026. Release too new, didn't read.

so? nobody uses it anymore

If everybody starts to delay for 3 days, wouldn't it be the case that everyone would discover it on the 3rd day?

Most attacks are discovered 'pretty quickly' via scanning services and groups that monitor repositories. The problem is even an hour gap could mean tens of thousands of downloads and executions.

Vulnerability scanners and security researchers would be looking those first 3 days

There is something to be said about the need to keep all the packages as the latest and the greatest at all times. Every minor version update doesn’t need to be immediately applied. And maybe high and critical vulnerabilities don’t need to be a minor version upgrade.

I’m having a real problem at work with security theatre and the growing push to obsess over numbers of “vulnerabilities” in our projects. And then auto Dependabot PRs that encourage churn to fix issues that if an informed person actually reviews easily concludes it doesn’t affect us in the slightest.

"maybe high and critical vulnerabilities don’t need to be a minor version upgrade"

huh? what do you suggest instead?


A separate pathway to updates. At the moment there is a pressure to keep all the packages updated at all times. Every time a new version of a random package deep in the dependency tree gets published, you roll a dice: is it a bunch of bug fixes that I don’t care about or a vulnerability patch that I need to apply immediately? Since it could be either, most devs just autopilot on updates. This creates an environment where newly introduced vulnerabilities get promoted rather quickly before the version matures. Sure, waiting a few days to update a package sounds great, but there is no guarantee that the vulnerability will be found quickly.

To give you a context, I get 20-30 PRs a week across all my repos with potentially hundreds of packages (non distinct) from dependabot. I give it a cursory look and try to get a summary of changes. Do I evaluate every single package update? Nope.


npm supports this now as well, with e.g. `min-release-age=7` in `.npmrc`

not if you have internal repos?

I think you can set it on internal repos, but then you need to allow-list internal code. People act like this is simple + solved, but it's not. It turns into 100K-1M's of LLM tokens on a semi-regular basis, or "just hire a build infra team for your side project" pretty quickly.

What happens when everyone adopts this policy? You just change it to two weeks?

The one week cooldown option is not relying on other users to be a canary for you. It's just giving automated scanners a chance to notice. This is the perfect example. I don't think step security found this by accident. They are actively monitoring NPM package releases at some level.

There is something to be said that Microsoft should be scanning packages pre-release. They aren't, though, so for right now there is a ton of value with very little downside if people implement a one week cooldown period.

To answer your question directly, though. If everyone else moves to a one week cooldown, I would absolutely suggest a two week cooldown is a good idea. Being the "slow" moving organization is a good security trade-off so long as you don't take it to extremes and have escape hatches when you actually need to be moving quickly.


There's a really bad implicit assumption in there: Microsoft's scanners have solved the halting problem, so they can tell if a package update will ever flip to malicious mode, or has an intentionally inserted security hole in it.

Of course, this also assumes that Microsoft's internal scanners are much better than the scanners available to the attackers, since any reasonable attacker is going to just run their obfuscated code through a scanner as part of their CI job. (And maybe even use the MS scanner as an oracle by submitting fragments to NPM to see which pieces of their exploit chain get flagged.)

Waiting until everyone else canaries is much stronger, but even that doesn't work on a targeted attack.


Thank you for the thorough response. I got the following from yours and other responses:

* The JS ecosystem has been and will most likely continue to be fast-moving, so it's quite a safe assumption that at no point will a quarantine period be widespread.

* This quarantine period is for (semi-)automated scanners to catch the issue. Although considering the above there will always be a non-zero amount of end-user canaries as well.

* Maybe NPM should run scanners before distributing malware?

* If the ecosystem by any chance adopts a week-long quarantine period, you'd be safer if you applied a longer quarantine period.


> Maybe NPM should run scanners before distributing malware?

I suspect there's always a human checking these results. If NPM straight out rejects an update due to suspected malware, they might end up rejecting correct updates as well. If they grant some "safe" patterns a special pass, they might get exploited.

So I think this only works if you have security scanners that are well-maintained and kept in secret. NPM folks could of course co-operate with some security companies to have a first stab with the releases before they are put to public access. At some point some parties might start to want to have monetary compensation for such an arrangement, though.


Look, nobody requested fully automated scanners that are never wrong. A scanner that asks the project owner to sign in with 2fa and confirm the release in case it's been flagged is going to be more than sufficient.

A large array of automated and semi-automated security scanners are finding things quickly. The main benefit of waiting before updating is to give those scanners time to work.

Would be nice if cargo had a cooldown flag and could respect lockfiles by default.


Security scans and authors realizing an unauthorized version was pushed will generally happen regardless of whether regular users updated. Even for compromises that are found by users updating, it'd generally be better to reduce the number of people affected with a slow roll-out rather than everyone jumping on at once.

You rely on the security companies scanning the packages.

Well, if that actually works, it should be part of the release process, before the packages get placed onto the regular channels.

It works because there are multiple companies doing it and double checking the results.

For example, is a crypto miner actually an attack? If the package presents itself as a miner, then no. Are connections to other repositories an attack? Again, depends on what the package does. Connections to some other hostname? Depends.

There is still a lot of human analysis that occurs in making the call that an attack is occurring.


I think the key right now is that these are semi-automated scanning processes. Right now, companies like step security selectively publish. So, in order for a hacking group to find out if their malware is detected or not, they have to burn access to a useful package.

None of this is to say I think Microsoft shouldn't be doing something as part of the release process on NPM. However, there is real value in giving more independent third parties a window to do things semi-manually.


@exitb it is much more desirable for security scanning companies to compete to find issues in a timely manner. If npm blessed one as a gatekeeper to the whole system they would be between a rock and a hard place. Unable to prioritize high impact packages over the long tail of packages no one uses without pissing people off. Unable to add experimental new detections that may be a little noisy at first due to the huge disruption it would cause. Be trivial to game as obscure packages could brute-force their way through then use the same hole on a mainstream package.

Then the ... malware will just add delays? Or do they really do manual in-depth analysis of all new code? Just running and seeing it do things is probably a lot easier.

Security scanners won't be "manual in-depth analysis of all new code" or "Just running and seeing it do things", but somewhere in-between - utilizing static analysis/machine learning. It's a cat-and-mouse game, but the attacker adding code that waits X days to run something obfuscated would be another pattern that they could look for.

I think these attackers are unlikely to add a delay in the first place because the chance of their attack being found out before it activates would be too high. They seem to generally work on the assumption that they have a day or so before the package is yanked (e.g: from maintainer noticing their account is compromised) so need to move fast.


Always one day more than people on HN tell you. If something is compromised you will hear people complaining here that three days is not enough.

This will never happen unless it's made the default. Most people will always stick with the defaults.

pnpm also supports this

The gist link above covers how to use it in yarn, npm, and pnpm
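The cooldown the thread above discusses comes down to a version-selection rule over registry publish timestamps. The sketch below is an added example, not part of the thread and not code from yarn, pnpm, npm or the linked gist; the package `left-padder`, the `@acme/` internal scope, and the names `pickVersion` and `exemptPrefixes` are hypothetical, and the metadata is constructed.

```javascript
// Added example: cooldown ("minimum release age") selection, runnable offline.
const DAY_MS = 24 * 60 * 60 * 1000;

// Constructed sample in the shape of an npm packument: `time` maps each
// published version to its ISO timestamp. "left-padder" is hypothetical.
const samplePackument = {
  name: "left-padder",
  time: {
    created: "2025-01-01T00:00:00.000Z",
    modified: "2026-05-10T08:00:00.000Z",
    "1.4.0": "2026-03-01T12:00:00.000Z",
    "1.4.1": "2026-04-20T09:30:00.000Z",
    "1.5.0": "2026-05-10T08:00:00.000Z", // two days old at NOW below
  },
};

// Compare plain x.y.z versions numerically (pre-releases are filtered out).
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Return the newest version that has been public for at least minAgeDays,
// plus the newer versions that were held back. Packages whose name starts
// with an exempt prefix (e.g. an internal scope) bypass the gate.
// Fails closed: if nothing is old enough, selected is null, never "latest".
function pickVersion(packument, { now, minAgeDays, exemptPrefixes = [] }) {
  const exempt = exemptPrefixes.some((p) => packument.name.startsWith(p));
  const candidates = Object.entries(packument.time)
    .filter(([key]) => /^\d+\.\d+\.\d+$/.test(key)) // drops created/modified
    .map(([version, published]) => ({
      version,
      ageDays: (now - Date.parse(published)) / DAY_MS,
    }))
    .sort((a, b) => compareVersions(b.version, a.version));

  const held = [];
  for (const c of candidates) {
    if (exempt || c.ageDays >= minAgeDays) {
      return { selected: c.version, held };
    }
    held.push(c.version);
  }
  return { selected: null, held };
}

// Constructed "current time" so the result is reproducible.
const NOW = Date.parse("2026-05-12T08:00:00.000Z");
console.log(pickVersion(samplePackument, { now: NOW, minAgeDays: 7 }));
```

The `held` list is what a scanner or reviewer still has time to examine; logging it makes it visible when a build is running behind a fix that has to be pulled forward deliberately.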

https://en.wikipedia.org/wiki/Brandolini's_law

I don’t think people really care about rsync or the nuance. They just want to make an insta-reaction, rant about AI, then move on to the next story that raises their blood pressure.


> jailing young German girls in the border

Last time I read that story they were given the option to immediately fly back to Germany for free after their tourist visa was declined but the girls declined the flight because they wanted to fly somewhere else on another flight which wasn’t available yet, which means they had to be detained. So they stayed overnight in an immigration detention facility which included a search.

They also flew to Hawaii without a hotel booked which is something the guards always look for (that was basically 101 common knowledge when I first crossed 15yrs ago). Just like how having a flight out prebooked is important.


They reported they were on track to be profitable this quarter. https://www.wsj.com/tech/ai/mind-blowing-growth-is-about-to-...

I read the article and it doesn’t say it was used for targeting or prioritizing?

> Neither Claude nor any other LLMs detects targets, processes radar, fuses sensor data or pairs weapons to targets. LLMs are late additions to Palantir’s ecosystem. In late 2024, years after the core system was operational, Palantir added an LLM layer – this is where Claude sits – that lets analysts search and summarise intelligence reports in plain English

There’s a lot of humans in that loop who make those decisions.


Yeah militaries don't use commercial chatbots for that, they have their own machine learning implementations. Look into Project Maven for example.

And while there are still humans in the loop, the impression I get is that this is increasingly becoming meaningless, from the way they talk about optimizing the "kill chain" and letting small teams make hundreds of targeting decisions per hour.


“US Military Using Claude to Select Targets in Iran Strikes”

https://futurism.com/artificial-intelligence/claude-anthropi...


First link says

> AI is ‘identifying and prioritising targets, recommending weaponry and evaluating legal grounds for a strike’.


It doesn't specify which "AI" though.

These days that pretty much means "somebody used a computer".


The first link is a reader letter to a piece they published. The original piece is the second link in my comment. It has more information

https://www.theguardian.com/technology/commentisfree/2026/ma...

> The paradigm shift has already begun. Despite the row, Anthropic’s Claude has reportedly facilitated the massive and intensifying offensive which has already killed an estimated thousand-plus civilians in Iran. This is an era of bombing “quicker than the speed of thought”, experts told the Guardian this week, with AI identifying and prioritising targets, recommending weaponry and evaluating legal grounds for a strike.

See also: https://www.theguardian.com/technology/2026/mar/03/iran-war-...


“US Military Using Claude to Select Targets in Iran Strikes”

https://futurism.com/artificial-intelligence/claude-anthropi...

It cites the WSJ but that article is paywalled so I shared this one


This later story suggested it was Palantir's Maven, not Anthropic's Claude: https://www.theguardian.com/news/2026/mar/26/ai-got-the-blam...

Maven is not an LLM. Maven is software that uses LLMs. Most notably Claude

That’s the modern internet. What sells is the most overdramatic doom and gloom take possible.

It's more the tech leaders than the internet. Sam Altman, Jeff Bezos, Eric Schmidt and such get up on stage or interview regularly with a shit eating grin telling us all about how they are coming for our jobs, will make us obsolete, and there is nothing you can do about it.

It's a natural response for society to despise these people who have such contempt for us. It's almost embarrassing these days being at a social function and telling people I work in software, it's got a negative stigma almost like working in gambling or the military.


I don’t know about gambling, but if “working in the military” has a stigma, I humbly suggest seeking out different social functions.

I don't have to because I don't write software for child seeking missiles for Palantir

I would say the exact opposite

That sounds more like a you problem.

I think it's a matter of perception because I didn't interpret any of them as being gleeful about it. If you think about it, "AI will take your jobs and maybe destroy the world" is horrible, horrible marketing -- like, your comment is a perfect illustration of how it is received everywhere -- and yet these CEBros can't stop saying it, which indicates to me that they actually believe it.

Oh, now that their IPOs are nigh they're changing their tunes (https://archive.md/s9EO3) but to me that looks more like they've decided to let $$$ prospects override what they really think.


The general public is not their customer base, they don't have nearly enough money to spend on AI. Going to the media and saying "this product can automate so many jobs" is marketing to other businesses who want to use it to cut their workers out.

There was a crazy clip of Eric from Google telling a crowd of university students that in the future AI will do everything, and after the whole audience boos him he keeps pushing the point that they better accept it and get on board. The mentality these guys have is sickening. They have no humility and no humanity.


The general public may not be their customer base (except maybe for ChatGPT, which is primarily a consumer app), but it is the voter base. The AI backlash has been brewing for a while and is bubbling over in the form of data-center pushbacks, and talk about regulation has been picking up. Plus, if "AI destroys the world" does happen, even the capitalists looking to further cut out labor will not be too happy about that.

Even if this was not covered in Marketing 101, it was all pretty predictable. Sure, most of these CEBrOs probably have a god complex (probably fueled by Ketamine) but their behavior is also consistent with the premise that they see a job apocalypse coming and they must warn the world about it.

Especially never liked Eric Schmidt, and he went about it very ham-handedly, but I do think he is right. Stopping is not an option given Capitalism's hunger for growth and the current geopolitical landscape. The genie is out of the bottle and we must adapt, because Capitalism is not going to.


Twitter has community notes which fills the role pretty well. If an AI gen tweet goes viral it will get noted pretty fast

Plenty of big artists like Kanye use AI to experiment with ideas before releasing the full studio recordings. That’s going to become more common. Just like how developers use LLMs to make a POC to test new ideas before putting the hard work into making it real.

People still admit to listening to Kanye since he started talking about his love of Hitler?

People are still buying Teslas?

YouTube music doesn’t seem to care much about where the music comes from. They do have formal album libraries but not everything is carefully sourced and labelled like Spotify. That’s what makes it good, because you can find tons of lost mixes, old unreleased tracks and vinyl rips, leaks of new stuff from current artists

I use YouTube proper quite heavily and I find it pretty easy to spot the AI stuff. At a minimum there’s usually a comment pointing it out, just like Instagram videos


> carefully sourced and labelled like Spotify

I wish I had your Spotify.

Over the last few months they have served me multiple slop tracks in the discover weekly playlist. Probably more I didn't notice when just listening without focus, but several had generic artist name without bio and dozens of nearly identical tracks.


> If you view this as (for example) something for rich mums to take their kids to school in, then it makes a lot more sense.

That’s why Porsche makes their SUVs which are really popular.

High end luxury brands should technically be able to serve both upper-middle and top end at the same time. The important thing is the products are good. And if they aren’t some Chinese or other brand will do it. The age of choosing between a couple 100yr old car companies might be ending soon.


> That’s why Porsche makes their SUVs which are really popular.

Indeed, that's why I referenced SUVs in my post.

My point was that not everyone wants the SUV form factor but still desires something that can be argued as a practical family car. This is why you see executive models like saloon or 4 door coupes. But those cars are often catering to a male-orientated market and have more attainable models (eg Audi A6) that cheapens the brand for the ultra rich.

The Ferrari badge is a bigger signal of wealth and there isn't a whole lot out there that signals that kind of wealth while still being a practical car. Aston Martin sell smaller SUVs (DBX) and 2 door coupes, but nothing like an Audi A5 or A6. Maserati have a few older models that fit this niche but they too have discontinued them for SUVs. Likewise with Jaguar.

The SUV design has basically killed off all other 4-door family cars in the mid-range luxury price range. But at least the Ferrari Luce is at a price point where they're already catering to a smaller demographic and thus they're not relying on the economics of mass production.

At least this is my assumption of Ferrari's target demographic. I could be completely wrong.

And on a personal note, this car isn't to my tastes either -- though as I said before, I'm not the target demographic. But if I had the kind of money to buy a Luce, I think I'd rather buy an older Jaguar for the school run and have a modern Aston Martin (2-door coupe) for personal trips.

