Another supply-chain attack.
According to new reports by Aikido and Socket, the compromised packages were modified to include a malicious 'preinstall' script that executes automatically when the npm package is installed.
That's why it's pertinent that https://npmx.dev lists these postinstall scripts.
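A way to run the same kind of check locally, as an added example (not code from Aikido, Socket or npmx.dev): it lists the install-time hooks in a package.json and flags locked dependencies that npm marked with `hasInstallScript` in a v2/v3 package-lock.json. The allowlist, the function names and all sample package names are assumptions constructed for the illustration.

```javascript
// Lifecycle hooks npm runs automatically while installing a dependency.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Return the install-time hooks declared in one package.json (given as text).
function installHooks(manifestText) {
  const scripts = JSON.parse(manifestText).scripts || {};
  return INSTALL_HOOKS.filter((h) => typeof scripts[h] === "string")
    .map((h) => ({ hook: h, command: scripts[h] }));
}

// Walk a package-lock.json (lockfileVersion 2 or 3) and return every locked
// package flagged hasInstallScript that is not on the reviewed allowlist
// (hypothetical: a Set of package names you have already vetted).
function unreviewedInstallScripts(lockText, allowlist = new Set()) {
  const marker = "node_modules/";
  const packages = JSON.parse(lockText).packages || {};
  const findings = [];
  for (const [path, entry] of Object.entries(packages)) {
    if (!path || !entry.hasInstallScript) continue; // "" is the root project
    // "node_modules/a/node_modules/@s/b" -> "@s/b"; workspace paths keep their name
    const idx = path.lastIndexOf(marker);
    const name = idx < 0 ? entry.name || path : path.slice(idx + marker.length);
    if (!allowlist.has(name)) findings.push({ name, version: entry.version, path });
  }
  return findings;
}

// Constructed sample data (not taken from any real incident).
const SAMPLE_MANIFEST = JSON.stringify({
  name: "example-lib", version: "1.0.1",
  scripts: { test: "node test.js", preinstall: "node setup.js" },
});
const SAMPLE_LOCK = JSON.stringify({
  lockfileVersion: 3,
  packages: {
    "": { name: "my-app", version: "0.1.0" },
    "node_modules/example-lib": { version: "1.0.1", hasInstallScript: true },
    "node_modules/native-addon": { version: "2.3.0", hasInstallScript: true },
    "node_modules/example-lib/node_modules/@scope/helper":
      { version: "0.4.0", hasInstallScript: true },
    "node_modules/plain-dep": { version: "5.0.0" },
  },
});

console.log(installHooks(SAMPLE_MANIFEST));
console.log(unreviewedInstallScripts(SAMPLE_LOCK, new Set(["native-addon"])));
```

Installing with `npm install --ignore-scripts` skips these hooks entirely, so the output of this check is the list of packages that would need their scripts reviewed before being allowed to run.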