The name npm (Node Package Manager) stems from when npm first was created as a package manager for Node.js.
npm is the world's largest open source software registry. The registry contains over 800,000 code packages.
Young developers often include open-source packages without any kind of security review, which is why these kinds of attacks spread exponentially.
The Shai-Hulud malware is a self-replicating worm that targets the npm ecosystem, compromising hundreds of packages and exposing sensitive developer credentials.
At the time of writing, 27,000 packages had been infected, including Postman.
The Postman package is a JavaScript library for a simple message bus and, at the time of writing, has about 750 downloads a week.
Source: Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub (bleepingcomputer.com)