Malware found in NPM packages with 1 million weekly downloads

Malware found in NPM packages with 1 million weekly downloads (www.bleepingcomputer.com)
from kid@sh.itjust.works to cybersecurity@sh.itjust.works on 09 Jun 11:52
https://sh.itjust.works/post/39796477

#cybersecurity

threaded - newest

morgunkorn@discuss.tchncs.de on 09 Jun 12:33 next collapse

A significant supply chain attack hit NPM after 17 popular Gluestack ‘@react-native-aria’ packages with over 1 million downloads were compromised to include malicious code that acts as a remote access trojan (RAT).

BaroqueInMind@lemmy.one on 09 Jun 13:14 next collapse

Doesn’t he Windows 11 start menu use React-native?

Phen@lemmy.eco.br on 09 Jun 21:11 collapse

The malware is not on react-native, but react-native-aria. A “copy” of Adobe’s react-aria libs.

corsicanguppy@lemmy.ca on 09 Jun 21:30 collapse

Is this a new one or is this last week’s? It’s hard to keep the weekly supply chain 'sploits straight. Feed your leopards, kids.