Sudhanshu2310
- Karma
- 0
- Created
- ()
- Submissions
- 0
-
We just found and reported a malicious npm package impersonating react-refresh - 42 million weekly downloads, used in virtually every React build toolchain. One file modified. Rest of the package works normally. On…
-
We just analyzed a fresh supply chain attack on npm that's pretty well-executed. Package: pino-sdk-v2 Target: Impersonates pino (one of the most popular Node.js loggers, ~20M weekly downloads) Reported to OSV too-…