July 6, 2023
The npm registry for the Node.js JavaScript runtime environment is susceptible to a so-called manifest confusion attack that could allow threat actors to conceal malware in project dependencies or execute arbitrary scripts during installation.
“A npm package’s manifest is published independently from its tarball,” Darcy Clarke, a former GitHub and npm engineering manager
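Because the manifest and the tarball are published separately, a defender can compare the manifest the registry serves with the `package.json` inside the tarball and flag any difference in dependencies or install scripts. The following is an added example, not code from the article or from npm; the function names, the list of compared fields and the sample objects are assumptions constructed for illustration, and fetching and unpacking the package are left out so it runs offline.

```javascript
// Fields compared are an assumption chosen for this illustration.
const CHECKED_FIELDS = ["name", "version", "dependencies", "scripts", "bin"];

// Serialise with sorted keys so key order alone never counts as a difference.
function canonical(value) {
  if (Array.isArray(value)) return "[" + value.map(canonical).join(",") + "]";
  if (value !== null && typeof value === "object") {
    return "{" + Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ":" + canonical(value[k])).join(",") + "}";
  }
  return JSON.stringify(value);
}

// A missing field and an empty object are treated as equal in this check.
function normalise(value) {
  const empty = value === undefined || value === null ||
    (typeof value === "object" && Object.keys(value).length === 0);
  return empty ? "null" : canonical(value);
}
const asMap = (v) => (v !== null && typeof v === "object" && !Array.isArray(v) ? v : null);

// Returns one entry per differing field (or per differing key of a map field).
function findManifestMismatches(registryManifest, tarballPackageJson) {
  const mismatches = [];
  for (const field of CHECKED_FIELDS) {
    const reg = registryManifest[field], tar = tarballPackageJson[field];
    if (normalise(reg) === normalise(tar)) continue;
    const regMap = asMap(reg ?? {});
    const tarMap = asMap(tar ?? {});
    if (regMap && tarMap) {
      const keys = new Set([...Object.keys(regMap), ...Object.keys(tarMap)]);
      for (const key of [...keys].sort()) {
        if (normalise(regMap[key]) !== normalise(tarMap[key])) {
          mismatches.push({ field: `${field}.${key}`, registry: regMap[key], tarball: tarMap[key] });
        }
      }
    } else {
      mismatches.push({ field, registry: reg, tarball: tar });
    }
  }
  return mismatches;
}

// Constructed sample data (hypothetical package names, not from the article).
const sampleRegistryManifest = { name: "example-pkg", version: "1.0.0",
  dependencies: { "example-lib": "^1.3.0" } };
const sampleTarballPackageJson = { name: "example-pkg", version: "1.0.0",
  dependencies: { "example-lib": "^1.3.0", "example-hidden-dep": "2.0.0" },
  scripts: { install: "node setup.js" } };
console.log(findManifestMismatches(sampleRegistryManifest, sampleTarballPackageJson));
```

An empty result means the two documents agree on the checked fields; any entry is a reason to inspect the tarball before installing.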
Article posted by: https://thehackernews.com/2023/07/nodejs-users-beware-manifest-confusion.html