12/28/2022

Npm save package

The npm registry is larger than its peers, with 1.8 million packages, each of which has an average of about 12 different versions. The closest contender is Java's Maven Central, with about 457,000 packages at the moment.

WhiteSource, in a report titled "Popular Javascript Package Registry Is a Playground For Malicious Actors," summarizes what it found in the 1,300 malicious packages spotted last year by company researchers.

The npm registry receives some 17,000 new packages daily or 6.2 million over the course of a year. And while finding 1,300 bad apples among the new and the preexisting packages during that time period shows that poisoned packages are rather rare overall, there's still reason to be concerned given the consequences of being victimized.

"A worrying fact is that almost 14 per cent of all the packages detected were designed to steal sensitive information like credentials and other data present in environment variables," the WhiteSource report says.

Most of the malware detected (~82 per cent) is designed for reconnaissance – gathering information that may be useful for targeting future attacks. Just over 2 per cent of the malware was crafted for remote code execution.