Open source ‘Package Analysis’ tool finds malicious npm, PyPI packages

The Open Source Security Foundation (OpenSSF), an initiative supported by the Linux Foundation, has released the first prototype version of its ‘Package Analysis’ tool, which aims to detect and counter malicious attacks on open source registries. In a pilot run that lasted less than a month, the open source project released on GitHub was …

NPM flaw allows attackers to add anyone as a maintainer of malicious packages

A “logic flaw” in the npm registry allowed the authors of malicious packages to silently add anyone, and any number of users, as “maintainers” of their packages in an attempt to increase trust in those packages. The GitHub-owned repository of Node.js components has now fixed the flaw after cloud-native security company Aqua responsibly reported …