| ▲ | Towaway69 3 hours ago | |
> anyone potentially affected How does one know one is affected? What's the point of rotating tokens if I'm not sure that I've been affected - the new tokens will just be ex-filtrated as well. First step would be to identify infection, then clean up and then rotate tokens. | ||
| ▲ | mcintyre1994 2 hours ago | parent [-] | |
The article has some indicators of compromise, the main one locally would be .truffler-cache/ in the home directory. It’s more obvious for package maintainers with exposed credentials, who will have a wormed version of their own packages deployed. From what I’ve read so far (and this definitely could change), it doesn’t install persistent malware, it relies on a postinstall script. So new tokens wouldn’t be automatically exfiltrated, but if you npm install any of an increasing number of packages then it will happen to you again. | ||