npm - The Playground for Malicious Packages
Multiple npm packages impersonating popular package names are being used to distribute malware. We take a closer look at the campaign.
Read the full articleYou might also wanna read

These aren’t the npm packages you’re looking for
Earlier in the year, over 500 malicious packages were released into the npm ecosystem to create dependency confusion. Let’s look at some way
176 malicious npm packages used dependency confusion to target internal dependencies and steal credentials
A 176-package npm malware campaign used dependency confusion and install-time scripts to steal credentials and compromise developer and CI/C

Targeted npm dependency confusion attack caught red-handed
Once in a while we encounter a truly malicious package that has a purpose, means, and is production-ready — this is a story about one found
Microsoft detects 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries
And then Microsoft busted them all
Microsoft detects 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries
And then Microsoft busted them all
NPM Vulnerability Allows 126 Malicious Packages to Be Downloaded 86,000+ Times
Packages downloaded from NPM can fetch dependencies from untrusted sites.
arstechnica.com·8mo ago
Snyk uncovers malicious code activities in open source supply chain security on the npm registry
In a recent npm security research activity, Snyk uncovered a total of 8 npm packages that matched a specific malicious code vector of attack

Comments
Sign in to join the conversation.
No comments yet. Be the first.