Skip to content


Links for 2017-08-02

  • Malicious packages in npm

    The node.js packaging system is being exploited by bad guys to steal auth tokens at build time. This is the best advice they can come up with:

    Always check the name of packages you’re installing. You can look at the downloads number: if a package is popular but the downloads number is low, something is wrong.
    :facepalm: What a mess. Security needs to become a priority….

    (tags: javascript security npm node packaging packages fail)

Comments closed