NPM Malware Targeting HubSpot’s Bucky Client

Our great sponsors

WorkOS - The modern identity platform for B2B SaaS

InfluxDB - Power Real-Time Data Analytics at Scale

SaaSHub - Software Alternatives and Reviews

Our great sponsors

BuckyClient

0 1,738 10.0 CoffeeScript

Collect performance data from the client

Can only guess as to the motivations of the actual malware author, but it's been named in such a way as to conflate the two. The initial execution is also done via the actual Bucky Client JS file, with some slight modifications: https://github.com/HubSpot/BuckyClient/blob/master/bucky.js
WorkOS

workos.com
sponsored

The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

CoffeeScript
1 project | news.ycombinator.com | 25 Mar 2024
PivotTable : Toolkit for Smart Data Exploration and Analysis
1 project | dev.to | 13 Mar 2024
The Personal Security Checklist
5 projects | news.ycombinator.com | 3 Apr 2022
Show HN: A lightweight PHP library for checking password strength
2 projects | news.ycombinator.com | 17 Jan 2024
Maps.fm: listen a podcast episode about that place on the map
1 project | news.ycombinator.com | 23 Oct 2023

NPM Malware Targeting HubSpot’s Bucky Client

This page summarizes the projects mentioned and recommended in the original post on /r/netsec Post date: 15 Sep 2022

BuckyClient

WorkOS

Related posts