Hacker News
ZiiS 11 days ago | on: Mini Shai-Hulud Strikes Again: 314 npm Packages Co...
It is your development machine's AWS keys they want. The server's keys should be too finely scoped anyway.
troad 11 days ago
Not likely to be a major risk if you update every few months, to some major version that's already over a month old.
wavemode 11 days ago
I would imagine it's the opposite. Most devs' machines can't query the prod database, for example, whereas a prod server can.
erikerikson 11 days ago
Nope, they've been targeting credentials so they can deploy whatever they like into prod. They prefer the build machine with its broader rights than the individual dev boxes.