Show HN: Give This Markdown to Your Coding Agent Before Publishing to NPM
https://npm-supply-chain-attack-techniques.pagey.site/attack...
Website: https://npm-supply-chain-attack-techniques.pagey.site
This covers all techniques used in past 1 year to conduct various attacks on npm packages. Use it to get your project reviewed thoroughly before publishing.
Exploits covered with mitigation information:
1. Maintainer Account Takeover and Malicious Publish
2. Lifecycle Hook Execution
3. Self-Replicating npm Worms
4. CI/CD Identity Plane Attacks
5. Git-Based Dependency Smuggling
6. Remote Dynamic Dependencies
7. Phishing Infrastructure Hosted Through npm and Package CDNs
8. Credential and Secret Harvesting
9. Exfiltration and Dead-Drop Channels
10. Persistence and Anti-Forensics
11. Obfuscation and Payload Packaging
12. Package Naming and Discovery Abuse
0 comments
[ 4.1 ms ] story [ 8.7 ms ] threadNo comments yet.