Another malicious library has been spotted in the JavaScript-oriented NPM registry, underscoring the continued fragility of today's software supply chain.
Like other software package registries – repositories of code libraries for specific tasks – NPM, which was acquired last year by Microsoft's GitHub, has proven to be an effective mechanism for spreading malicious software. Developers tend to trust the modules they download from such services and typically incorporate them into their projects without much scrutiny.
On Wednesday, ReversingLabs, a software security analysis firm, said it had identified password-stealing code in the
The package, maintained by an author identified as chrunlee, debuted as a 1.0.0 release on February 28, 2019. According to ReversingLabs, the project evolved to include remote shell functionality over the next several versions and late last year gained password-stealing capabilities with its 1.1.0 release.