npm ua-parser-js hijack #4
Comments
|
some detail on https://snyk.io/vuln/npm:ua-parser-js |
|
This looks like a relevant story https://blog.sonatype.com/newly-found-npm-malware-mines-cryptocurrency-on-windows-linux-macos-devices |
|
The relevant issue from Github faisalman/ua-parser-js#536 |
|
All of this looks very relevant, thanks! I'll shortly either update it here or at https://github.com/cncf/tag-security/tree/main/supply-chain-security/compromises. This reminds me of event-stream, which is already listed there. Going by faisalman/ua-parser-js#536 (comment) |
|
Tracking it here: cncf/tag-security#812 |
|
Thanks for bringing it up here! Did you hear of it from a particular channel / mailing list etc? Because if so, I'd like to join it and keep an eye out for other instances. |
|
Closing in favour of the tag-security thread. |
|
I heard about it from a channel in my coworking space's Slack - not a dedicated security channel. |
|
Gotcha. Thank you! |
report this a.m. of https://www.npmjs.com/package/ua-parser-js being hijacked in NPM - I don't have much more in the way of details yet.
The text was updated successfully, but these errors were encountered: