Dossier
rollup-runtime-polyfill-core
Coverage of rollup-runtime-polyfill-core in the Nexus archive.
- North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets
Threat actors linked to North Korea have created malicious npm packages named 'rollup-packages-polyfill-core' and 'rollup-runtime-polyfill-core' that mimic the legitimate 'rollup-plugin-polyfill-node' project to steal developer secrets. JFrog identified these packages as part of a scheme to facilitate remote access and data theft.