npm removes malicious JavaScript packages that were caught stealing data. Reported in @SCMagazine

npm removes malicious JavaScript packages that were caught stealing data. Reported in @SCMagazineThe developers of the JavaScript programming language package manager "npm" have disclosed that they recently removed approximately 40 fraudulent, malware-spiked packages that were designed to steal environment variables upon installation.
In a classic case of typosquatting intended to fool inattentive users, the fake packages featured names that were just slightly different than actual, genuine packages offered by npm. "The package naming was both deliberate and malicious – the intent was to collect useful data from tricked users," npm explained in a blog post.
According to npm, a user by the handle of "hacktask" published the malicious libraries on July 19, including two that mimicked the popular "cross-env," which between then were downloaded nearly 700 times before they were removed on Aug. 1. Fortunately, only about 50 of these downloads appear to be genuine installations from real users, while the rest came from registry mirrors that automatically downloaded copies, npm explained.


Oil  
Native  

Publicidad infolinks

Publicidad infolinks

Data

Best Practices on Migrating from a Data Warehouse to a Big Data Platform. BY Michael Farnbach

JavaScript

The spread operator by @BrandonMorelli

Lectores

Lectores de código de barras de rango amplio


Contactos

Teléfonos: +58 212 578 1145
Fax: +58 212 576 3892