Douze (12) paquets hébergés sur npmjs.com contiennent du code malveillant. #npm #javascript #development #registry #money #malware #packages #web #threats #informatique
« Malicious javascript compromise on
npmjs.com. These packages, about a billion downloads prior. » ( Kevin Beaumont )
« Make security auditing a part of your routine. » ― « The open-source ecosystem runs on trust, but it's crucial to be vigilant. » [ https://jdstaerk.substack.com/p/we-just-found-malicious-code-in-the ]
🛠 How the Malware Works (Step by Step) [ https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised ]
- Additional backdoored packages :
ansi-styles ; debug ; chalk ; supports-color ; strip-ansi ; ansi-regex ; has-ansi
☣️ Shai-Hulud : It includes a self-propagating mechanism that automatically infects downstream packages, creating a cascading compromise across the ecosystem. #backdoor #software #management #tokens #future #worms [ https://www.stepsecurity.io/blog/ctrl-tinycolor-and-40-npm-packages-compromised ] #informatique
🦠 « A supply chain attack that conducts a supply chain attack. » ( Nicholas Weaver )
