| ▲ | beart 3 hours ago | |||||||
It has nothing to do with npm. However, a binary could be configured to extract your git/npm secrets using this exploit, which could then lead to a npm supply chain attack (or pip, etc. etc.). | ||||||||
| ▲ | awongh 2 hours ago | parent [-] | |||||||
I meant the attack would be the other way around- if an infected package had the git.exe file in their root. Or, the infected package could also copy that file into the parent project's root. | ||||||||
| ||||||||