merelysounds 7 hours ago
There is an explanation in the article:

> it modifies package.json based on the current environment's npm configuration, injects [malicious] setup_bun.js and bun_environment.js, repacks the component, and executes npm publish using stolen tokens, thereby achieving worm-like propagation.

This is the second time an attack like this has happened; others may be familiar with this context already and share fewer details and explanations than usual. Previous discussion: https://news.ycombinator.com/item?id=45260741
tasuki 3 hours ago
I don't get this explanation. How does it force you to run the infection code? Yes, if you depend on an infected package, sure. But then I'd expect not just a list, but a graph outlining which package infected which other package. Overall I don't understand this at all.
vintagedave 6 hours ago
Thanks. I saw that sentence but somehow didn't parse it. Need a coffee :/