Node JS
fromThe Hacker News
3 days agoPackagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware
Malicious postinstall scripts in compromised Packagist packages download and execute a Linux binary from GitHub Releases via package.json hooks.