hannob / vulns

Named vulnerabilities and their practical impact

The npm attacks / What defines a "vulnerability" ? #10

Closed. sebilasse closed this 5 years ago

sebilasse commented 5 years ago

Not sure if this is only about "hard-hacking vulnerabilities" or also about package managers becoming a target for crazy "soft-hacks". An example:

https://www.theregister.co.uk/2018/11/26/npm_repo_bitcoin_stealer/
https://blog.npmjs.org/post/180565383195/details-about-the-event-stream-incident

Given that this repo was used in several "boilerplate" projects which people actively used, we should assign fancy names for such viciousness too.

hannob commented 5 years ago

I'm with you that this is a serious issue, but part of the point I'm trying to make is that the marketed vulns get all the attention while often not being relevant, so this kinda doesn't fit in, as there was no marketing and not that much public attention.