Failure to match metadata with packaged files is perfect for supply chain attacks
The npm Public Registry, a database of JavaScript packages, fails to compare npm package manifest data with the archive of files that data describes, creating an opportunity for the installation and execution of malicious files.…
This article has been indexed from The Register – Security
Read the original article: