资讯

Ars Technica

Hundreds of code libraries posted to NPM try to install malware on dev machines

An ongoing attack is uploading hundreds of malicious packages to the open source node package manager (NPM) repository in an attempt to infect the devices of developers who rely on code libraries ...

Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack

In a supply chain attack, attackers injected malware into NPM packages with over 2.6 billion weekly downloads after ...