Merge branch 'links' into 'main'main

doc: add link to an attack that has happned See merge request larswirzenius/contractor2!1
author: Lars Wirzenius <liw@liw.fi> 2020-12-13 11:16:51 +0000
committer: Lars Wirzenius <liw@liw.fi> 2020-12-13 11:16:51 +0000
commit: 36c185c8ba54ac0d4240e7188538b935151ce44d (patch)
tree: 6fc664aeda07dfa7bad81ee365d08156d9297c8f
parent: f039d822db63d46c772c85f44db36909656ebf05 (diff)
parent: 7f8c0572310aa2994aafcf68dbcd3286a1925da9 (diff)
download: contractor2-main.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/contractor.md b/contractor.md
index b441865..faa1795 100644
--- a/contractor.md
+++ b/contractor.md
@@ -83,6 +83,10 @@ The conclusion here is that to build software securely, we can't
 assume all code involved in the build to be secure. We need something
 more secure. The Contractor aims to be a possible solution.
 
+## Links to attacks
+
+* [Malicious npm package opens backdoors on programmers' computers](https://www.zdnet.com/article/malicious-npm-package-opens-backdoors-on-programmers-computers/)
+
 ## Threat model
 
 This section collects a list of specific threats to consider.
author	Lars Wirzenius <liw@liw.fi>	2020-12-13 11:16:51 +0000
committer	Lars Wirzenius <liw@liw.fi>	2020-12-13 11:16:51 +0000
commit	36c185c8ba54ac0d4240e7188538b935151ce44d (patch)
tree	6fc664aeda07dfa7bad81ee365d08156d9297c8f
parent	f039d822db63d46c772c85f44db36909656ebf05 (diff)
parent	7f8c0572310aa2994aafcf68dbcd3286a1925da9 (diff)
download	contractor2-main.tar.gz