Could they detect code running from a new IP address or location and ask for a 2... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		deevus 4 months ago \| parent \| context \| favorite \| on: Oh no, not again a meditation on NPM supply chain ... Could they detect code running from a new IP address or location and ask for a 2FA code?

cube00 4 months ago [–]

postinstall is running on the developer's machine, from an endpoint security perspective, it's the actual developer performing the malicious actions, their machine, their IP address and their location.

deevus 4 months ago | [–]

That's a good point. Thanks

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact