SECURITYTHE REGISTER
Shai-Hulud keeps burrowing: 314 npm packages infected after another account compromise
An npm account compromise infected 314 npm packages with malware, including popular packages such as size-sensor and echarts-for-react. The compromised account belongs to a developer based in Hangzhou, China, and the malware has been reported on GitHub. Developers who have installed compromised package versions are advised to rotate credentials and check for unauthorized repositories.
Mentioned