The Hacker News
4 years, 2 months ago
NPM Bug Allowed Attackers to Distribute Malware as Legitimate Packages
A "logical flaw" has been disclosed in NPM, the default package manager for the Node.js JavaScript runtime environment, that enables malicious actors to pass off rogue libraries as legitimate and trick unsuspecting developers into installing them