In 2016, npm disclosed the discovery of a vulnerability that essentially allows npm packages to execute potentially malicious code on your machine. This vulnerability is potentially more harmful than running something like a bash script on your machine, because while a bash script will execute arbitrary code on your machine, npm executes arbitrary code on your machine from hundreds, if not thousands, of packages.

One example of this attack is an incident that occurred with the popular eslint-scope package. A new version of the package was published that contained malicious code via a postinstall lifecycle hook. The same applies for preinstall, preuninstall, and postuninstall hooks.

Unfortunately, there is no straightforward way to fix this issue, as it's an inherent part of the lifecycle hook, an important feature of npm. As such, that vulnerability is still there and will likely continue to be into the foreseeable future.
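Since the hooks cannot be removed from npm, a practical check is to know which installed packages declare them. The following is an added example, not code from the original post: a Node.js audit that walks a `node_modules` tree and reports every package whose `package.json` defines one of the lifecycle hooks named above. The function names and the sample packages are hypothetical and constructed for the demonstration.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// Hooks named on the page, plus "install", which npm also runs at install time.
const HOOKS = ['preinstall', 'install', 'postinstall', 'preuninstall', 'postuninstall'];

// Recursively scan a node_modules directory, including @scope folders and
// nested node_modules, returning [{ name, version, hooks: { hook: command } }].
function findLifecycleHooks(modulesDir, found = []) {
  if (!fs.existsSync(modulesDir)) return found;
  for (const entry of fs.readdirSync(modulesDir, { withFileTypes: true })) {
    if (!entry.isDirectory() || entry.name.startsWith('.')) continue;
    const dir = path.join(modulesDir, entry.name);
    if (entry.name.startsWith('@')) { findLifecycleHooks(dir, found); continue; }
    let manifest;
    try {
      manifest = JSON.parse(fs.readFileSync(path.join(dir, 'package.json'), 'utf8'));
    } catch { continue; } // missing or unparsable manifest: skip this directory
    const scripts = manifest.scripts || {};
    const hooks = {};
    for (const hook of HOOKS) {
      if (typeof scripts[hook] === 'string') hooks[hook] = scripts[hook];
    }
    if (Object.keys(hooks).length > 0) {
      found.push({ name: manifest.name || entry.name, version: manifest.version, hooks });
    }
    findLifecycleHooks(path.join(dir, 'node_modules'), found);
  }
  return found;
}

// Constructed sample tree (hypothetical package names), written to a temp dir.
function buildSampleTree() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'hooks-'));
  const add = (rel, manifest) => {
    const dir = path.join(root, 'node_modules', rel);
    fs.mkdirSync(dir, { recursive: true });
    fs.writeFileSync(path.join(dir, 'package.json'), JSON.stringify(manifest));
  };
  add('plain-lib', { name: 'plain-lib', version: '1.0.0', scripts: { test: 'node test.js' } });
  add('native-addon', { name: 'native-addon', version: '2.1.0', scripts: { postinstall: 'node build.js' } });
  add('@acme/tool', { name: '@acme/tool', version: '0.3.0', scripts: { preinstall: 'node check.js' } });
  add('plain-lib/node_modules/deep-dep', { name: 'deep-dep', version: '4.0.0', scripts: { preuninstall: 'node bye.js' } });
  return path.join(root, 'node_modules');
}

console.log(JSON.stringify(findLifecycleHooks(buildSampleTree()), null, 2));
```

Because the scan only reads manifests that are already on disk, it is most useful after installing with `npm install --ignore-scripts`, which fetches packages without running their hooks, so each reported command can be reviewed before it is allowed to run.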