
A logical flaw in the npm registry, dubbed ‘package planting’, let authors of malicious packages quietly add anyone, and any number of users, as ‘maintainers’ of their packages in an attempt to boost trust in those packages. […]