How to protect your Node.js applications from malicious dependencies

added by JavaScript Kicks
12/7/2018 10:29:37 PM


You have probably heard about a recent incident where a popular npm package, event-stream, included malicious code that could have affected thousands of apps (or more!). Hopefully, the attack was tailored to affect only a specific project. The original author of the library was the victim of a social engineering attack and a malicious hacker gained publishing permissions.

