Hacker News
by deepanwadhwa, 285 days ago
What makes you so sure that the exploit is over? Maybe they wanted their secondary exploit to get caught to give everyone a sense of security? Their primary exploit might still be lurking somewhere in the code?
pixl97, 285 days ago
Well, because it is really easy to diff an npm package.
The attacker had access to the user's npm repository only.