index npm

[Link] Supply Chain Attack: NPM Library Used By Facebook And Others Was Compromised

Read: 25/10/2021 hackaday.com

Here at Hackaday we love the good kinds of hacks, but now and then we need to bring up a less good kind. Today it was learned that the NPM package ua-parser-js was compromised, and any software using it as a library may have become a victim of a supply chain attack.

attacks on infrastructure code cyber crime cyber hacks dependency attack hackaday hackers javascript nodejs npm package managers programming software software dependencies software development software libraries upstream attack


[Link] NPM is Now Providing Malware – or was until recently

Read: 30/7/2021 www.theregister.com

Another malicious library has been spotted in the JavaScript-oriented NPM registry, underscoring the continued fragility of today's software supply chain.

code cyber hacks cybersecurity hacks malicious software microsoft module repositories nodejs npm software software development