Advertisement
Top
Google engineer finds flaw in NPM scripts

Google engineer finds flaw in NPM scripts

March 29, 2016

Via: Info World
Category:

Never assume a file downloaded from the Internet is safe. That warning also applies to NPM, the default package manager for Node.js. A vulnerability in package install scripts would let an attacker create a self-replicating worm that can spread through NPM packages.

“It is possible for a single malicious NPM package to spread itself across most of the NPM ecosystem very quickly,” Sam Saccone, a software engineer at Google, wrote in his NPM hydra worm disclosure.

Read More on Info World

RELATED PUBLICATIONS

7 innovative ways to use low-code tools and platforms
What Is a Vector Database?
AI used extensively for security but not for coding, JFrog survey finds

Latest Publications

New Guide Explains How to Eliminate the Risk of Shadow SaaS and Protect Corporate Data
4 billion Android users who downloaded apps flagged by Microsoft need to take some actions to stay safe
Windows 11 market share declines as users seemingly shift back to Windows 10
Huawei Watch Fit 3 official images confirm it’s an Apple Watch copycat
U.S. Government Releases New AI Security Guidelines for Critical Infrastructure
Technology Curated Copyright © 2024. All rights reserved