Skip to content
  • Categories
  • Tags
  • Popular
  • Users
  • Groups
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (Flatly)
  • No Skin
Collapse

Odoo 中文社区

  1. Home
  2. Categories
  3. 集思广益
  4. 一个周下载量200万的npm包被恶意代码注入,你中招了吗?

一个周下载量200万的npm包被恶意代码注入,你中招了吗?

Scheduled Pinned Locked Moved 集思广益
1 Posts 1 Posters 721 Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • digitalsatoriD Offline
    digitalsatoriD Offline
    digitalsatori 管理员
    wrote on last edited by
    #1

    如果你是一个nodejs的开发者,你需要注意了:
    参见这里:https://github.com/dominictarr/event-stream/issues/116
    最麻烦的是,至今还不清楚会造成什么破坏:worried_face:

    原始开发者将代码维护权移交给了他人,而这个人本不该信任。原始开发者有责任吗?
    原始开发者的声明:
    https://gist.github.com/dominictarr/9fd9c1024c94592bc7268d36b8d83b3a

    【上海先安科技】(tony AT openerp.cn)

    1 Reply Last reply
    0

    • Login

    • Don't have an account? Register

    • Login or register to search.
    • First post
      Last post
    0
    • Categories
    • Tags
    • Popular
    • Users
    • Groups