Node.js Garbage Dump NPM Admits To Malware Enabling Pheature

California based NPM Inc, curators of the npm javascript package collection, have admitted their command line based 'npm' package manager has for a very long time included a pheature helpfully allowing malware to walk filesystems in search of crypto keys (archived). Facebook's 'yarn' alternative client for NPM's package collection also included a very similar pheature.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>