Node.js Users Beware: Manifest Confusion Attack Opens Door to Malware
The npm registry for the Node.js JavaScript runtime environment is susceptible to what’s called a manifest confusion attack that could potentially allow threat actors to conceal malware in project dependencies or perform arbitrary script execution during installation.
“A npm package’s manifest is published independently from its tarball,” Darcy Clarke, a former GitHub and npm engineering manager
https://thehackernews.com/2023/07/nodejs-users-beware-manifest-confusion.html