A while back I wrote up NPM and New Cities for Trojan Horses, mostly linking to this hypothetical how-to on putting a credit-card-swiping bit of JavaScript into innocent-looking code.
Something along those lines seems to be happening now, in the wild, for eslint-scope, where some code seems to be looking to grab .npmrc files and send them off, via pastebin. YIKES!