package-analysis icon indicating copy to clipboard operation
package-analysis copied to clipboard

Published 20 hours ago verified publisher icon ossf

Crypto Miner Attack

Open naveensrinivasan opened this issue 4 years ago • 1 comments

The package analysis should capture and warn about this kind of attack https://github.com/faisalman/ua-parser-js/issues/536

naveensrinivasan avatar Oct 23 '21 17:10 naveensrinivasan

  • the password stealer (the dll), see my last comment: https://github.com/faisalman/ua-parser-js/issues/536#issuecomment-950184949

The maintainer probably did not enforce 2FA for npm releases on npmjs.com.

DanielRuf avatar Oct 23 '21 17:10 DanielRuf

#147 would solve this issue, as might #97.

Closing as this is about a specific example.

calebbrown avatar Dec 21 '22 00:12 calebbrown