New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
npm ua-parser-js hijack #4
Comments
some detail on https://snyk.io/vuln/npm:ua-parser-js |
This looks like a relevant story https://blog.sonatype.com/newly-found-npm-malware-mines-cryptocurrency-on-windows-linux-macos-devices |
The relevant issue from Github faisalman/ua-parser-js#536 |
All of this looks very relevant, thanks! I'll shortly either update it here or at https://github.com/cncf/tag-security/tree/main/supply-chain-security/compromises. This reminds me of event-stream, which is already listed there. Going by faisalman/ua-parser-js#536 (comment) |
Tracking it here: cncf/tag-security#812 |
Thanks for bringing it up here! Did you hear of it from a particular channel / mailing list etc? Because if so, I'd like to join it and keep an eye out for other instances. |
Closing in favour of the tag-security thread. |
I heard about it from a channel in my coworking space's Slack - not a dedicated security channel. |
Gotcha. Thank you! |
report this a.m. of https://www.npmjs.com/package/ua-parser-js being hijacked in NPM - I don't have much more in the way of details yet.
The text was updated successfully, but these errors were encountered: