CIRCLE WITH A DOT

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

One infection, two registries.

Uncategorized

1 Posts 1 Posters 2 Views

A This user is from outside of this forum
A This user is from outside of this forum
alexreed@mstdn.social

wrote last edited by

#1

One infection, two registries. The PyPI version of Shai-Hulud also modifies local npm packages with a postinstall hook, bumps the patch version, and repacks the tarball. Publish from your local environment and the malware spreads to npm.
The attack surface is not one registry. It is all of them.
#SupplyChain #PyPI #npm #Infosec
1 Reply Last reply
1
0
R relay@relay.infosec.exchange shared this topic