Information security
fromInfoWorld
4 hours agoUnplugged holes in the npm and yarn package managers could let attackers bypass defenses against Shai-Hulud
PackageGate vulnerabilities allow attackers to bypass lifecycle-script blocking and lockfile integrity protections, requiring platform-wide fixes to prevent malicious dependency installs.