Have you ever seen some packages that contain malware?
Some copies of famous packages or fake communications that would make beginners install malicious libs?
In all the years of running the CPAN, I don't recall seeing any deliberate act of malware. We did have someone who was confused enough by the rules that they put a "phone home" in their installation script, causing them to be the only user ID ever banned (even though it was temporary).
What would protect Dart while npm and PyPI or others are used by bad actors as vectors?
What I could imagine is that libraries that typically only run inside mobile apps might have more limitations than if you can deploy a package to a server?
You can say the same of JS libs, yet the moment you reach production code there is always something that can be done and exploited.
Think about all the env you have access to, external service tokens, etc.
Not sure how far they go on securing calls if they think "mobile apps are secure".
True, in this regard it is indeed interesting that it doesn't seem to be a problem yet.
Pub.dev metrics help a lot there, but sure, black/white hats must know a lot of tricks.
When you see the sums involved in any sort of flaws.
I've met people working on security issues involved in low-level pen tests within Flutter, and they were as much under the radar as possible to keep their advantages.