Researchers Hijack Popular NPM Package with Millions of Downloads
A popular npm package with more than 3.5 million weekly downloads has been found vulnerable to an account takeover attack.
"The package can be taken over by recovering an expired domain name for one of its maintainers and resetting the password," software supply chain security company Illustria said in a report.
While npm’s security protections limit users to have only one active email address
https://thehackernews.com/2023/02/researchers-hijack-popular-npm-package.html