Sign In
to Vote &
Create Storyboards.
 
40 npm Packages Compromised in Supply Chain Attack Using bundle.js to Steal Credentials Cybersecurity researchers have flagged a fresh software supply chain attack targeting the npm registry that has affected more than 40 packages that belong to multiple maintainers. "The compromised versions include a function (NpmModule.updatePackage) that downloads a package tarball, modifies package.json, injects a local script (bundle.js), repacks the archive, and republishes it, enabling
1
0
0


Storyboard
Print
Share this Article

Recommended

  • {TITLE}
    {PUBLISHER} - {PUBLISHED_DATE}
    {VIEWS}
  • Create Storyboard