Attackers are hiding malware in minified packages distributed to NPM

This page summarizes the projects mentioned and recommended in the original post on /r/javascript

  1. steal-ur-stuff

    Steal Ur Stuff

    Whenever something like this comes up I usually have to tap the sign (and the original report)

  3. npm

    Whenever something like this comes up I usually have to tap the sign (and the original report)

  4. cli

    Command line interface for the Phylum API (by phylum-dev)

    We open sourced our tooling to help with this problem specifically. We have an extension framework that wraps npm for three purposes:

  5. birdcage

    Cross-platform embeddable sandboxing

    The sandbox is also open source and available for use by the community.

NOTE: The number of mentions on this list indicates mentions on common posts plus user-suggested alternatives. Hence, a higher number means a more popular project.

Related posts

  • Rust Malware Staged on Crates.io

    3 projects | news.ycombinator.com | 25 Aug 2023
  • Attackers Repurposing existing Python-based Malware for Distribution on NPM

    2 projects | /r/javascript | 19 Apr 2023
  • Ransomware being published to PyPI in ongoing campaign

    2 projects | /r/Python | 9 Dec 2022
  • A Study of Malicious Code in PyPI Ecosystem

    4 projects | news.ycombinator.com | 8 Sep 2023
  • Can rustc generate identical binaries, with the same hash, from the same source code?

    5 projects | /r/rust | 25 Jun 2023
