Skip to content
The Nexus
SECURITYMay 19 · 12:58 UTCTHE REGISTER

Shai-Hulud keeps burrowing: 314 npm packages infected after another account compromise

An npm account compromise infected 314 npm packages with malware, including popular packages such as size-sensor and echarts-for-react. The compromised account belongs to a developer based in Hangzhou, China, and the malware has been reported on GitHub. Developers who have installed compromised package versions are advised to rotate credentials and check for unauthorized repositories.

Nexus surfaces and summarizes. The full story lives at the source.

Mentioned
Spot something wrong with this article?Report a problem →
Forward this