NPM registry vulnerable to 'manifest confusion' abuse
NPM registry vulnerable to 'manifest confusion' abuse
www.theregister.com NPM registry vulnerable to 'manifest confusion' abuse
Failure to match metadata with packaged files is perfect for supply chain attacks
You're viewing a single thread.
4 comments
Counter question: what part of npm is not vulnerable to attacks?
your nickname (almost) fits the question xD.
On a more serious note, not all is doom and gloom in NPM, they have improved a lot during these past years.