5 comments

  • kspetkov79 12 hours ago
    Postinstall hooks are a footgun. The bad part here is that people reviewing a PHP package may not even look closely at package.json.
  • tedchs 14 hours ago
    How many more examples of malware postinstall scripts do we need before Node quits running them by default, without warning?
  • gnabgib 15 hours ago
    All Composer packages (but the malicious part is in the node dependency)

    Effected*

    > Use effect as a noun to refer to a change resulting from something.

  • nullsex 13 hours ago
    Title is somewhat misleading. "Node projects" mean projects using nodejs as opposed to projects under the Node.js org.
  • ryanshrott 1 hour ago
    [flagged]