Latest Release
- Repository: Ride-The-Lightning/RTL
- Published on: 2025-09-10 03:32:54 UTC
- Version Tag: v0.15.6
- By: saubyk
- On GitHub: Ride-The-Lightning/RTL/releases
What’s new
We’ve added a fix to protect against a recent npm supply-chain attack where malicious code was found in popular packages. (Details: link)
Why it matters
- Our app doesn’t directly use the bad packages.
- They could still sneak in through indirect dependencies.
- Even though our current package-lock.json was safe, a fresh `npm install` could have pulled in a hacked version.
What we did
- Forced npm to always use safe, audited versions of the risky packages.
- Ignored any vulnerable versions that might be requested by other dependencies.
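One way to check for the indirect-dependency case described above, as an added example that is not RTL's own code: it scans a parsed package-lock.json for denylisted name@version pairs at any nesting depth. The package names and versions in `DENYLIST` and `SAMPLE_LOCK` are constructed placeholders, not the packages from the advisory.

```javascript
// Constructed placeholder denylist: NOT the real package names or versions.
const DENYLIST = {
  'example-color-lib': ['9.9.9'],
  'example-debug-lib': ['8.8.8', '8.8.9'],
};

// Constructed sample in package-lock.json lockfileVersion 3 layout.
const SAMPLE_LOCK = {
  name: 'sample-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'sample-app', version: '1.0.0' },
    'node_modules/example-app-dep': { version: '2.1.0' },
    'node_modules/example-color-lib': { version: '1.0.0' },
    // Indirect copy nested under another dependency.
    'node_modules/example-app-dep/node_modules/example-color-lib': { version: '9.9.9' },
    // Aliased install: folder name differs, real name is in "name".
    'node_modules/debug-alias': { name: 'example-debug-lib', version: '8.8.9' },
  },
};

// "node_modules/a/node_modules/@s/b" -> "@s/b"
function nameFromPath(lockPath) {
  const marker = 'node_modules/';
  const i = lockPath.lastIndexOf(marker);
  return i === -1 ? null : lockPath.slice(i + marker.length);
}

// Returns every lockfile entry whose name@version is on the denylist.
function findDenylisted(lock, denylist) {
  if (!lock || typeof lock.packages !== 'object' || lock.packages === null) {
    throw new Error('expected lockfileVersion 2 or 3 with a "packages" map');
  }
  const hits = [];
  for (const [lockPath, entry] of Object.entries(lock.packages)) {
    if (lockPath === '') continue; // root project, not a dependency
    const name = entry.name || nameFromPath(lockPath);
    if (!name || !Object.prototype.hasOwnProperty.call(denylist, name)) continue;
    if (denylist[name].includes(entry.version)) {
      const nested = lockPath.indexOf('node_modules/') !== lockPath.lastIndexOf('node_modules/');
      hits.push({ name, version: entry.version, path: lockPath, nested });
    }
  }
  return hits;
}

const hits = findDenylisted(SAMPLE_LOCK, DENYLIST);
for (const h of hits) console.log(`${h.name}@${h.version} at ${h.path}`);
```

For a real project, pass the `JSON.parse` result of the package-lock.json contents and a denylist taken from the advisory.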
What you need to do
Run a clean install on the new release with `npm ci --omit=dev --legacy-peer-deps`.
PGP Key: https://keybase.io/suheb
Retrieve the source code repository, check for the latest release and verify the code signature
```
$ git clone https://github.com/Ride-The-Lightning/RTL.git
$ cd RTL
$ git checkout v0.15.6
$ git verify-tag v0.15.6
gpg: Signature made Tue Sep 9 20:04:18 2025 PDT
gpg: using RSA key 3E9BD4436C288039CA827A9200C9E2BC2E45666F
gpg: Good signature from "saubyk (added uid) 39208279+saubyk@users.noreply.github.com" [ultimate]
gpg: aka "Suheb 39208279+saubyk@users.noreply.github.com" [ultimate]
```
Install RTL via npm
npm ci --omit=dev --legacy-peer-deps
Docker images available at https://hub.docker.com/r/shahanafarooqui/rtl/tags
Data updated on: 2025-10-18 17:47 UTC