It seems like attackers have discovered a way to leverage NPM packages to deliver malicious binaries without needing to make any changes to the NPM package itself.
You must log in or # to comment.
Interesting! I wonder how much of this is already happening that people just haven’t noticed yet.