Dev News: Trouble in npm, Vue 3.3 and Cloudflare Updates

Source: thenewstack.io

Dev News: Trouble in npm, Vue 3.3 and Cloudflare Updates
ReversingLabs researchers revealed Thursday that two malicious packages lived on npm for two months before being detected. “The presence of such suspicious characteristics and behaviors first caused the npm package nodejs-encrypt-agent to come to our attention,” wrote https://www.linkedin.com/in/lucija-valenti%C4%87-731975210?original_referer=https%3A%2F%2Fwww%2Egoogle%2Ecom%2F&originalSubdomain=hr, a software threat researcher at ReversingLabs. “First published more than two months ago, nodejs-encrypt-agent appears at first glance to be a legitimate package.

At first, they dismissed the findings, thinking npm administrators would have recognized if the package was malicious.

“Still, the malicious packages were almost certainly responsible for the malicious TurkoRat being run on an unknown number of developer machines.
Read Full Article On thenewstack.io
Achieve superior email deliverability with ToastMail! Our AI-driven tool warms up inboxes, monitors reputation, and ensures emails reach their intended destination. Sign up today for a spam-free future.

Related Articles

Community Partners
CrowdSec
Autonomous.ai | Best Standing Desks & Ergonomic Office Chairs

Mailjet

Namecheap

Become a Partner?
DevOps Careers
    • Add a Job?