Node.js Users Beware: Manifest Confusion Attack Opens Door to Malware

Written By Auto Tech Wednesday, 5 July 2023 Add Comment

July 05, 2023 at 02:30PM

The npm registry for the Node.js JavaScript runtime environment is susceptible to what's called a manifest confusion attack that could potentially allow threat actors to conceal malware in project dependencies or perform arbitrary script execution during installation. "A npm package's manifest is published independently from its tarball," Darcy Clarke, a former GitHub and npm engineering manager

from The Hacker News https://ift.tt/1nXZyGf

SANS Institute Warns of Novel Cloud-Native Ransomware Attacks
GitHub Action Compromise Puts CI/CD Secrets at Risk in Over 23,000 Repositories
Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before Removal

{ads}

Node.js Users Beware: Manifest Confusion Attack Opens Door to Malware

Related

0 Response to "Node.js Users Beware: Manifest Confusion Attack Opens Door to Malware"

Post a Comment

Article Top Ads

Central Ads Article 1

Middle Ads Article 2

Article Bottom Ads

{ads}

Node.js Users Beware: Manifest Confusion Attack Opens Door to Malware

Related

Related Posts

0 Response to "Node.js Users Beware: Manifest Confusion Attack Opens Door to Malware"

Post a Comment

Article Top Ads

Central Ads Article 1

Middle Ads Article 2

Article Bottom Ads