Malware behavior (possibly found in pip or npm dependencies) in the Reticulum/MeshChat application
https://github.com/liamcottle/reticulum-meshchat/issues/128
gemini://ps.cities.yesterweb.org/uk/malware-in-reticulum-meshchat-dependencies.gmi
2025-12-02 · 5 months ago
4 Comments ↓
👻 darkghost · Dec 02 at 16:24:
My alarm bells are going off here. Curious to see what is found.
Possibly related to the Shai-Hulud exploit?
Dependencies are a lot like sexual partners, and it seems most (all?) programming languages are trying to make it easy to be as promiscuous as possible via internal package managers...
👻 ps [OP/mod] · Dec 03 at 03:39:
Today I found this issue (with meshchat node disabled). Now email sending once per day at 00:00 (instead of hour) Maybe it is not related, lot of shit was installed. Maybe even infected repository dependency, not pip.
a maintainer has requested additional info on the GitHub issue you posted, in case you haven't seen it