Echo JS 0.11.0

Using ChatGPT to look for malware on npm

at socket.dev

2 up and 0 down, posted by feross 387 days ago 5 comments

jklu 387 days ago. link 1 point ▲ ▼

Would be nice if the owner of Github (Microsoft) would take its responsibility to protect NPM as they apparently have the tools like chatGPT.

Replies

tracker1 382 days ago. link 1 point ▲ ▼

If you have a node codebase on Github, it will create pull requests against your codebase for your repository when there are security issues against a package you depend on. I'm not sure what you're expecting beyond that.

jklu 379 days ago. link 1 point ▲ ▼

Well apparently others can do more using technology that is made available by Microsoft. 

Things like detecting obfuscated code and SQL injection seem, reading this article, to be easily catched by chatGPT.
If this technology is so good, then why does GitHub not use it to improve security for the whole ecosystem?

tracker1 376 days ago. link 2 points ▲ ▼

You should file an issue, or the suggestion with Github.

jklu 363 days ago. link 2 points ▲ ▼

Thanks for the hint, it motivated me to figure out how to submit such a suggestion :-)
https://github.com/orgs/community/discussions/54075