Nezir Zahirovic

What if we could verify npm packages?

In January, David Gilbertson broke the internet (pun intended) with a plausible attack on everyone’s PII ("I’m harvesting credit card numbers and passwords from your site. Here’s how."). The hypothetical attack centered on adding malicious code to the published npm package that never appeared in the package’s source repository, so reviewing the code on GitHub would not reveal it. In July, attackers published a malicious version of eslint-scope that stole the npm tokens of everyone who installed it, tokens that could in turn be used to publish to other packages. Our friends over at npm revoked all tokens created before the incident so the stolen credentials could not be used to spread the attack further.

