Malicious node-IPC Versions Published to NPM(github.com)
6 pointsby varunsharma073 hours ago3 comments
  • freakynit2 hours ago
    Why why why it's npm, almost always?
  • rvz3 hours ago
    Not again and it is NPM once more.

    > Any project that installs one of these versions, directly or transitively, will pull the compromised release.

    Hope you have pinned your dependencies in your package.json.

    What a disaster.

  • varunsharma073 hours ago
    [dead]