Featured
Published on July 5th, 2023 📆 | 3089 Views ⚑
0Node.js Users Beware: Manifest Confusion Attack Opens Door to Malware
iSpeech
The npm registry for the Node.js JavaScript runtime environment is susceptible to what's called a manifest confusion attack that could potentially allow threat actors to conceal malware in project dependencies or perform arbitrary script execution during installation.
"A npm package's manifest is published independently from its tarball," Darcy Clarke, a former GitHub and npm engineering manager
Source link
Gloss