Opening a cloned repo is no longer safe
Solid breakdown of the Miasma worm — one commit, same dropper wired into 7 config files across VS Code, Claude Code, Gemini, Cursor, npm, Composer, and Bundler. No malicious dep needed, just clone + open. Nobody reviews these files in PRs. https://safedep.io/config-files-that-run-code/ Anyone actually treating dotfile diffs as code? submitted by /u/No_Plan_3442 [link] [留言]
本文内容来源于互联网,版权归原作者所有
查看原文