Malicious packages in NPM evade dependency detection through invisible URL links csoonline.com 2 points by shehackspurple 9 hours ago
mystifyingpoi 9 hours ago > To every automated security system, these packages show "0 Dependencies."With all the faults of npm, I fail to see that as npm fault. That sounds honestly like a security system fault. Why would an audit tool ignore a clearly defined dependency?
> To every automated security system, these packages show "0 Dependencies."
With all the faults of npm, I fail to see that as npm fault. That sounds honestly like a security system fault. Why would an audit tool ignore a clearly defined dependency?
More terrifying supply chain attacks against developers