Malicious packages in NPM evade dependency detection through invisible URL links (csoonline.com) 2 points by shehackspurple 8mo ago ↗ HN
[–] mystifyingpoi 8mo ago ↗ > To every automated security system, these packages show "0 Dependencies."With all the faults of npm, I fail to see that as npm fault. That sounds honestly like a security system fault. Why would an audit tool ignore a clearly defined dependency?
2 comments
[ 1.2 ms ] story [ 27.2 ms ] threadWith all the faults of npm, I fail to see that as npm fault. That sounds honestly like a security system fault. Why would an audit tool ignore a clearly defined dependency?