{ads}

Node.js Users Beware: Manifest Confusion Attack Opens Door to Malware



July 05, 2023 at 02:30PM

The npm registry for the Node.js JavaScript runtime environment is susceptible to what's called a manifest confusion attack that could potentially allow threat actors to conceal malware in project dependencies or perform arbitrary script execution during installation. "A npm package's manifest is published independently from its tarball," Darcy Clarke, a former GitHub and npm engineering manager

from The Hacker News https://ift.tt/1nXZyGf

Related

Related Posts

0 Response to "Node.js Users Beware: Manifest Confusion Attack Opens Door to Malware"

Post a Comment

Article Top Ads

Central Ads Article 1

Middle Ads Article 2

Article Bottom Ads