Sudhanshu2310

↗ HN profile [ 26.8 ms ] full profile
Karma
0
Created
()
Submissions
0
  1. We just found and reported a malicious npm package impersonating react-refresh - 42 million weekly downloads, used in virtually every React build toolchain. One file modified. Rest of the package works normally. On…

  2. We just analyzed a fresh supply chain attack on npm that's pretty well-executed. Package: pino-sdk-v2 Target: Impersonates pino (one of the most popular Node.js loggers, ~20M weekly downloads) Reported to OSV too-…