npm registry attacked by secret-stealing worm

npm registry attacked by secret-stealing worm

Anil Neevansh Offline

Junior Member

Posts: 1
Threads: 0
Thanks Received: 0 in 0 posts
Thanks Given: 0
Joined: 25 September 25

25 September 25, 12:18

Scary stuff supply chain attacks like this really show how exposed developers can be. Token leaks are no joke.
On a related note, I came across how some governments are centralizing access too, like Rajasthan in India with their SSO ID portal (https://sso-id.net/). Different field, but same idea once access is compromised, everything’s at risk.
What do you all think is the best defense tighter token scopes or better monitoring?

Find

« Next Oldest | Next Newest »

Messages In This Thread

npm registry attacked by secret-stealing worm - by harlan4096 - 16 September 25, 16:54

RE: npm registry attacked by secret-stealing worm - by harlan4096 - 25 September 25, 10:37

RE: npm registry attacked by secret-stealing worm - by Anil Neevansh - 25 September 25, 12:18

View a Printable Version

Forum Jump:

Users browsing this thread: 1 Guest(s)

Welcome
You have to register before you can post on our site. Username/Email: Password: Remember me

Recent Posts
Backup Suite V5.8.2.2
Hasleo Backup Suit...harlan4096 — 07:42
Google Chrome 149.0.7827.200/201
Google Chrome 149....harlan4096 — 08:26
Brave 1.91.180 (Jun 26, 2026)
Release Notes v1.9...harlan4096 — 08:24
Adobe Acrobat Reader DC 2026.001.21691
Adobe Acrobat Read...harlan4096 — 08:22
PowerToys v0.100.2
Release v0.100.2 ...harlan4096 — 08:21

Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

Online Staff
There are no staff members currently online.

Login
Username/Email:
Password:	Lost Password?
	Remember me