Links for 2017-08-02

  • Malicious packages in npm

    The node.js packaging system is being exploited by bad guys to steal auth tokens at build time. This is the best advice they can come up with:

    Always check the name of packages you’re installing. You can look at the downloads number: if a package is popular but the downloads number is low, something is wrong.
    :facepalm: What a mess. Security needs to become a priority….

    (tags: javascript security npm node packaging packages fail)
