Thousands Download Malicious npm Libraries Impersonating Legitimate Tools
Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up thousands of downloads on the package registry.
⚠️ https://thehackernews.com/2024/12/thousands-download-malicious-npm.html
#npm #javascript #typescript #types #libs #download #package #code #webdev
𝕂𝚞𝚋𝚒𝚔ℙ𝚒𝚡𝚎𝚕™ /
npub1mg…zjewv
2024-12-19 15:20:03
Author Public Key
npub1mgm90y9lsclc33eq5284adjxxm0k4dz7jp0z7ca9z378u8p8sjfskzjewvPublished at
2024-12-19 15:20:03Event JSON
{
"id": "349e67634b6af5f80f09d491ef57e768332f75f6978005bf725d5545c7c21afb",
"pubkey": "da365790bf863f88c720a28f5eb64636df6ab45e905e2f63a5147c7e1c278493",
"created_at": 1734621603,
"kind": 1,
"tags": [
[
"t",
"npm"
],
[
"t",
"javascript"
],
[
"t",
"typescript"
],
[
"t",
"types"
],
[
"t",
"libs"
],
[
"t",
"download"
],
[
"t",
"package"
],
[
"t",
"code"
],
[
"t",
"webdev"
],
[
"proxy",
"https://chaos.social/users/kubikpixel/statuses/113680161399469188",
"activitypub"
]
],
"content": "Thousands Download Malicious npm Libraries Impersonating Legitimate Tools\n\nThreat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up thousands of downloads on the package registry.\n\n⚠️ https://thehackernews.com/2024/12/thousands-download-malicious-npm.html\n\n#npm #javascript #typescript #types #libs #download #package #code #webdev",
"sig": "2d6e841fa40a880e265aa0ac712029eb4f6fbcab6c9eebfc9d30dbcb564542463382b643a3d62587fcb407be77997c5ac399287514685b139ae0381d0e4bac4a"
}