36
Notepad++ hijacked by state-sponsored hackers
(notepad-plus-plus.org)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 03 Feb 2026
36 points (97.4% liked)
Free and Open Source Software
21747 readers
114 users here now
If it's free and open source and it's also software, it can be discussed here. Subcommunity of Technology.
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.
founded 3 years ago
MODERATORS
Why should the update procedure for an application be handled by the application itself rather than a package manager? Let app devs focus on their app and repository maintainers on update manifests.
Well, in this case I think it's a remnant of n++ predating any package manager on windows. I do think that an embedded self-updater is better than having to download a new version through the browser.
It wasn't entirely clear to me if the compromise effects those of us who installed it though scoop/winget, as the package manager should pull directly from the correct source, so the compromised updater shouldnt matter. Reinstalled to be sure.
This is it exactly. When I was using Npp, Windows didn’t have anything resembling a package manager. Does it even really have one now?
I mean kinda. You have to use both WinGet and Scoop to cover all the use cases...
There's also Chocolatey but I don't know if that gets used anymore.
When I first installed N++, none of these were a thing yet though. It was just the MSI installer.
I would say chocolatey and scoop are pretty much interchangeable. I don't remember why I landed on scoop. Agreed that until recently there have been no package managers on Windows whatsoever.