Malicious JS Lifecycle Hooks Found Hiding Inside PHP Composer Packages
23d 16h ago by lemmy.world/u/exakat in php from securityonline.info
That website is malicious. First thing after loading: allow notifications?
Couldn't get past the cookie banner, so...
Another source for this info: https://socket.dev/blog/malicious-postinstall-hook-found-across-700-github-repos
I mean if you're using php in 2026...
🤡👞
I didn't specify why. Interesting how defensive you clowns get, though glad to see you didn't forget your makeup.
Half the internet runs on PHP bro. It pays a lot of rent and mortgages.
The toolchain is less hellish than JS for sure.
Its a pragmatic choice and its very easy to disregard you and opinions when its indistinguishable from 2005 skiddy talk.