FRESH
Hacker News
Home
Malicious Postinstall Hook Found in 700 GitHub Repos, Including Node Projects
18 points by 882542F3884314B
by kspetkov79
0 subcomment
Postinstall hooks are a footgun. The bad part here is that people reviewing a PHP package may not even look closely at package.json.
by tedchs
1 subcomments
How many more examples of malware postinstall scripts do we need before Node quits running them by default, without warning?
by gnabgib
0 subcomment
All Composer packages (but the malicious part is in the node dependency)
Effected*
> Use effect as a noun to refer to a change resulting from something.
by nullsex
0 subcomment
Title is somewhat misleading. "Node projects" mean projects using nodejs as opposed to projects under the Node.js org.
by ryanshrott
0 subcomment
[flagged]
Hacker News Hacker News Hacker News