AZ-Bitcoin-Network / phoenix-bitdevs-events

The Phoenix BitDevs is a place for free and open Bitcoin education in Phoenix. Discussions will be technical but are open to people of all skill levels. Join the community and #LearnBitcoinTogether!

Topic: malware in NPM packages #3

Open bijeebuss opened 1 year ago

bijeebuss commented 1 year ago

It’s probably not safe to run npm install directly on your machine anymore. These packages can define arbitrary scripts that run when installed. All it takes is one dependency anywhere on the dependency tree to be compromised and your system could be compromised. Docker and dev containers are one potential solution to this problem. Other JavaScript runtimes like deno provide protections against this type of attack.

https://www.fortinet.com/blog/threat-research/malicious-packages-hiddin-in-npm?utm_source=tldrinfosec

zantoshi commented 1 year ago

💯

zantoshi commented 1 year ago

We should def add this to the list of topics under InfoSec