Attackers are hiding malware in minified packages distributed to NPM

This page summarizes the projects mentioned and recommended in the original post on /r/javascript
Package Managers Rust HacktoberFest Security supply-chain

WorkOS
Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • steal-ur-stuff

    Steal Ur Stuff

    • Whenever something like this comes up I usually have to tap the sign (and the original report)

  • npm

    • Whenever something like this comes up I usually have to tap the sign (and the original report)

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

    WorkOS logo

  • cli

    Command line interface for the Phylum API (by phylum-dev)

    • We open sourced our tooling to help with this problem specifically. We have an extension framework that wraps npm for three purposes:

  • birdcage

    Cross-platform embeddable sandboxing

    • The sandbox is also open source and available for use by the community.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts