Echo JS 0.11.0

Using ChatGPT to look for malware on npm

at socket.dev

2 up and 0 down, posted by feross 588 days ago 5 comments

jklu 588 days ago. link 1 point ▲ ▼

Would be nice if the owner of Github (Microsoft) would take its responsibility to protect NPM as they apparently have the tools like chatGPT.

tracker1 583 days ago. link 1 point ▲ ▼

If you have a node codebase on Github, it will create pull requests against your codebase for your repository when there are security issues against a package you depend on. I'm not sure what you're expecting beyond that.

jklu 580 days ago. link 1 point ▲ ▼

Well apparently others can do more using technology that is made available by Microsoft. 

Things like detecting obfuscated code and SQL injection seem, reading this article, to be easily catched by chatGPT.
If this technology is so good, then why does GitHub not use it to improve security for the whole ecosystem?

tracker1 577 days ago. link 2 points ▲ ▼

You should file an issue, or the suggestion with Github.

jklu 564 days ago. link 2 points ▲ ▼

Thanks for the hint, it motivated me to figure out how to submit such a suggestion :-)
https://github.com/orgs/community/discussions/54075