Hacker News
by perihelions 1693 days ago
A separate advisory says the npm package "rc" is also compromised. That's also a highly popular one, according to the npmjs stats (1,323 dependents; 14.2 million weekly downloads).

https://github.com/advisories/GHSA-g2q5-5433-rhrf ("Embedded malware in rc", "critical severity")

Notable that both advisories link to the VirusTotal entry for the same file hash (same malware).

@dang Could the title be updated to include the names of other affected packages?