Attackers are constantly finding ways to take over accounts and push malicious packages to the npm registry, the (GitHub-operated) online repository for JavaScript and Node.js packages. This month alone, we witnessed the compromise of popular code packages after a successful phishing campaign, and the Shai-Hulud attack, which used a self-replicating, worm-like payload that ultimately compromised over 500 packages and many secrets. While GitHub has managed to put a stop …

The post After Shai-Hulud, GitHub tightens npm publishing security appeared first on Help Net Security.