Crazy World... Worm Hits 180+ npm Packages to Steal Credentials

It's a crazy world... and because “most” developers that use Node.js use npm in some way or form, it's crazy to think that we are so dependent on npm and that this can cause havoc.

Self-Replicating Worm Hits 180+ npm Packages to Steal Credentials in Latest Supply Chain Attack

Cybersecurity researchers have flagged a fresh software supply chain attack targeting the npm registry that has affected more than 40 packages that belong to multiple maintainers.

"The compromised versions include a function (NpmModule.updatePackage) that downloads a package tarball, modifies package.json, injects a local script (bundle.js), repacks the archive, and republishes it, enabling automatic trojanization of downstream packages," supply chain security company Socket said….

Oh well, you can read more at..

1 Like

The complexity of the attack was mind-boggling. Don't think it is the last we'll hear of their activity!

This is why I use an anti-virus, who knows the next supply chain attack…

I'll wait for Fireship's video…

2 Likes

Wow! That’s scary. I wonder what tools can be used to review our repos and see if we’re vulnerable.
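One concrete check a repo owner can run, as an added example that is not part of the thread or of any published detection tool: the quoted Socket description says the worm rewrites package.json and injects a local bundle.js, so a scanner can walk an installed node_modules tree and flag any package whose npm lifecycle hook (preinstall/install/postinstall/prepare) references bundle.js, or that ships a bundle.js next to such a hook. The hook names, the fixture package names (left-pad-example, @acme/trojanized-example) and the heuristic itself are assumptions drawn from that description, not indicators from the article.

```python
"""Scan a node_modules tree for the trojanization pattern the quoted article
describes: package.json rewritten so an npm lifecycle hook runs an injected
bundle.js.  Added example; the heuristic is an assumption based on that
description, not a published signature, so treat hits as leads to review.
"""
from __future__ import annotations

import json
import sys
import tempfile
from pathlib import Path

# npm runs these automatically on `npm install`; the worm needs one to fire.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")
INJECTED_SCRIPT = "bundle.js"  # file name taken from the quoted description


def scan_package(pkg_dir: Path) -> list[str]:
    """Return reasons this package looks trojanized (empty list if clean)."""
    reasons: list[str] = []
    manifest = pkg_dir / "package.json"
    try:
        data = json.loads(manifest.read_text(encoding="utf-8"))
    except (OSError, json.JSONDecodeError):
        return ["unreadable package.json"]
    scripts = data.get("scripts") or {}
    for hook in LIFECYCLE_HOOKS:
        cmd = str(scripts.get(hook, ""))
        if INJECTED_SCRIPT in cmd:
            reasons.append(f"{hook} hook runs {INJECTED_SCRIPT}: {cmd!r}")
    # A bundle.js at the package root next to any install-time hook is suspicious
    # even if the hook's command is obfuscated and does not name the file.
    if (pkg_dir / INJECTED_SCRIPT).is_file() and any(h in scripts for h in LIFECYCLE_HOOKS):
        reasons.append(f"{INJECTED_SCRIPT} present at package root alongside a lifecycle hook")
    return reasons


def _is_package_root(pkg_dir: Path) -> bool:
    """True for node_modules/<name> and node_modules/@scope/<name>, not for sub-dirs."""
    parent = pkg_dir.parent
    if parent.name == "node_modules":
        return True
    return parent.name.startswith("@") and parent.parent.name == "node_modules"


def scan_node_modules(root: Path) -> dict[str, list[str]]:
    """Walk node_modules (scoped and nested trees included); map package name -> reasons."""
    findings: dict[str, list[str]] = {}
    for manifest in root.rglob("package.json"):
        pkg_dir = manifest.parent
        if not _is_package_root(pkg_dir):
            continue
        reasons = scan_package(pkg_dir)
        if reasons:
            try:
                name = json.loads(manifest.read_text(encoding="utf-8")).get("name")
            except (OSError, json.JSONDecodeError):
                name = None
            findings[name or pkg_dir.relative_to(root).as_posix()] = reasons
    return findings


def build_sample_tree(base: Path) -> Path:
    """Constructed fixture: one clean package and one matching the pattern."""
    nm = base / "node_modules"
    clean = nm / "left-pad-example"
    clean.mkdir(parents=True)
    (clean / "package.json").write_text(json.dumps(
        {"name": "left-pad-example", "version": "1.0.0", "scripts": {"test": "node test.js"}}))
    bad = nm / "@acme" / "trojanized-example"
    bad.mkdir(parents=True)
    (bad / "package.json").write_text(json.dumps(
        {"name": "@acme/trojanized-example", "version": "1.0.1",
         "scripts": {"postinstall": "node bundle.js"}}))
    (bad / INJECTED_SCRIPT).write_text("// constructed placeholder, not a real payload\n")
    return nm


def demo() -> dict[str, list[str]]:
    """Run the scanner over the constructed fixture and return its findings."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_node_modules(build_sample_tree(Path(tmp)))


if __name__ == "__main__":
    # Usage: python scan_npm_hooks.py [path/to/node_modules]; no arg runs the fixture.
    results = scan_node_modules(Path(sys.argv[1])) if len(sys.argv) > 1 else demo()
    for pkg, why in sorted(results.items()):
        print(f"SUSPICIOUS {pkg}")
        for r in why:
            print(f"    - {r}")
    print(f"{len(results)} suspicious package(s)")
```

Run it against a project's node_modules after a fresh install; a clean tree prints 0. The heuristic only catches the specific pattern described (a lifecycle hook plus bundle.js), so it complements, rather than replaces, checking the package list against the advisories and registry takedowns that Socket and npm publish for this campaign.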