It has happened again, another JavaScript package in the npm registry has been compromised, it is the installer for PureScript.
The installer for PureScript package in the
Last week many developers reported several problems with the installer and PureScript contributor Harry Garrood found malicious code in its
Launching the installer by typing
The installer was originally developed and maintained the Japanese developer Shinnosuke Watanabe (@shinnn), later the maintainers of the project asked him to pass the control of the installer to them.
The developer accepted the request but was disappointed
“
@shinnn claims that the
The malicious code was identified and removed by the maintainers of the project that have also dropped the Watanabe’s dependencies.
“If you want to be absolutely sure you do not have malicious code on your machine, you should delete your node_modules directories and your
A similar case recently impacted developers using the Ruby strong_password library, the attacker hijacked the account of the real developer and injected malicious code in the library.
|
(