Malicious packages in NPM evade dependency detection through invisible URL links (csoonline.com)
2 points by shehackspurple 3 months ago | hide | past | favorite | 2 comments


> To every automated security system, these packages show "0 Dependencies."

With all the faults of npm, I fail to see that as npm fault. That sounds honestly like a security system fault. Why would an audit tool ignore a clearly defined dependency?
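One way to see what the comment above is getting at, as an added example that is not from the article or the thread: npm lets a dependency be declared not only as a registry version range but also as a tarball URL, a git URL, a GitHub shorthand, or a local path. An audit tool that only counts registry specifiers will report "0 Dependencies" for a package whose dependencies are all URL-style. The script below parses a package.json (the sample is constructed, not a real package) and lists every dependency whose specifier is not a plain registry version, so the gap is visible rather than silent. The specifier classification is an approximation written for this example, not npm's own parser.

```python
import json

# Constructed sample package.json (not from the article): one registry dependency
# and three non-registry specifiers that a count of "registry versions" would miss.
SAMPLE_PACKAGE_JSON = """{
  "name": "example-app",
  "version": "1.0.0",
  "dependencies": {
    "lodash": "^4.17.21",
    "helper-lib": "https://example.invalid/helper-lib-1.0.0.tgz",
    "other-lib": "git+https://example.invalid/org/other-lib.git#main"
  },
  "devDependencies": {
    "local-tool": "file:../local-tool"
  }
}"""

# The package.json fields that declare dependencies.
DEP_FIELDS = ("dependencies", "devDependencies",
              "optionalDependencies", "peerDependencies")


def classify_spec(spec):
    """Rough classification of an npm dependency specifier (assumption: good enough
    to separate registry version ranges from everything fetched elsewhere)."""
    s = spec.strip()
    if "://" in s or s.startswith(("git+", "github:", "gitlab:", "bitbucket:")):
        return "url"                 # tarball or git URL: fetched outside the registry
    if s.startswith("file:") or s.startswith(("./", "../", "/")):
        return "local-path"          # installed from the filesystem
    if s.startswith("npm:"):
        return "alias"               # points at a different registry package name
    if "/" in s and not s.startswith("@"):
        return "github-shorthand"    # owner/repo[#ref] form, also resolved remotely
    return "registry"                # version, range, tag or wildcard


def count_all_deps(package_json_text):
    """Total number of declared dependencies, regardless of specifier type."""
    data = json.loads(package_json_text)
    return sum(len(data.get(field) or {}) for field in DEP_FIELDS)


def find_non_registry_deps(package_json_text):
    """Return (field, name, spec, kind) for each dependency that is not a plain
    registry specifier. These are the ones a naive 'registry-only' count drops."""
    data = json.loads(package_json_text)
    findings = []
    for field in DEP_FIELDS:
        for name, spec in (data.get(field) or {}).items():
            kind = classify_spec(spec)
            if kind != "registry":
                findings.append((field, name, spec, kind))
    return findings


if __name__ == "__main__":
    total = count_all_deps(SAMPLE_PACKAGE_JSON)
    hidden = find_non_registry_deps(SAMPLE_PACKAGE_JSON)
    print(f"declared dependencies: {total}")
    print(f"non-registry specifiers (easy for a registry-only audit to miss): {len(hidden)}")
    for field, name, spec, kind in hidden:
        print(f"  [{kind}] {field}.{name} = {spec}")
```

Run it against a real package.json by replacing SAMPLE_PACKAGE_JSON with the file's contents; any non-empty result from find_non_registry_deps is a dependency that a registry-only dependency count would report as absent and that is worth resolving and reviewing before install.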


More terrifying supply chain attacks against developers



