Two NPM Packages With 22 Million Weekly Downloads Found Backdoored

Discussion in 'News Aggregator' started by Ravie Lakshmanan, 8 Nov 2021.

  1. In what's yet another instance of a supply chain attack targeting open-source software repositories, two popular NPM packages with cumulative weekly downloads of nearly 22 million were found to be compromised with malicious code by gaining unauthorized access to the respective developers' accounts. The two libraries in question are "coa," a parser for command-line options, and "rc," a
