Mastodon Feed: Post

Boosted by keul@fosstodon.org ("Luca Fabbri"):
Walker@infosec.exchange wrote:

Software Supply Chain npm package compromise.

July 18, reported eslint-config-prettier npm package was modified to include info-stealing node-gyp.dll (c68e42f416f482d43653f36cd14384270b54b68d6496a8e34ce887687de5b441).

Highlighting the ongoing threat to package security and software development.

https://www.stepsecurity.io/blog/supply-chain-security-alert-eslint-config-prettier-package-shows-signs-of-compromise

#python #SoftwareSupplyChains #softwaredevelopment #secdevops #malware