Packagist
Coverage of Packagist in the Nexus archive.
- North Korean Hackers Publish 108 Malicious Packages and Extensions in PolinRider Campaign
North Korean threat actors have published 108 malicious packages and web browser extensions across npm, Packagist, Go, and Google Chrome as part of the PolinRider campaign. The campaign remains active, with new malicious packages likely to continue appearing.
- An Update on Composer and Packagist Supply Chain Security
The article discusses recent security updates for Composer and Packagist, focusing on enhancing supply chain security measures. Key improvements include stronger authentication and vulnerability checks to protect PHP package dependencies.
- Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware
A coordinated supply chain attack has compromised eight packages on Packagist, injecting malicious code that executes a Linux binary hosted on GitHub Releases. The attack targeted JavaScript projects by inserting malicious content into package.json, bypassing composer.json in Composer packages.