THESECMASTER
WHAT IS PACKAGE PLANTING VULNERABILITY IN NPM? HOW DOES NPM FIX IT?
The security research team at Aqua, a well-known security firm, has disclosed a logical flaw in NPM, the default package manager for the Node.js JavaScript runtime environment. The flaw allows adversaries to masquerade a malicious package as legitimate and trick developers into downloading and installing it, because npm skipped the author validation process and allowed anyone to be added as a package maintainer without notifying those users or getting their consent.
Table of Contents:
1. What Is Package Planting Vulnerability In NPM?
2. How Does Package Planting Vulnerability Affect NPM?
2.1. How Does It Affect Package Maintainers And Package Consumers?
3. How Does NPM Fix The Package Planting Vulnerability In NPM?
4. Conclusion
* The attacker creates and publishes a malicious npm package.
* The attacker then adds well-known users to the malicious package as owners or maintainers.
* The attacker removes their own name from the package.
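
A consumer-side check for the pattern in the steps above, added here as an example and not taken from the original article or from npm. It assumes the registry metadata fields `maintainers` and `versions[*]._npmUser`; the sample document is constructed and `auditMaintainers` is a hypothetical helper name.

```javascript
// Constructed sample packument (shape of GET https://registry.npmjs.org/<name>).
// All names and values are invented for illustration.
const samplePackument = {
  name: "example-planted-pkg",
  maintainers: [
    { name: "well-known-dev", email: "dev@example.com" },
    { name: "popular-org-bot", email: "bot@example.com" },
  ],
  versions: {
    "1.0.0": { _npmUser: { name: "throwaway-acct", email: "x@example.com" } },
    "1.0.1": { _npmUser: { name: "throwaway-acct", email: "x@example.com" } },
  },
};

// Hypothetical helper: compares the listed maintainers with the accounts
// that actually published each version.
function auditMaintainers(packument) {
  const listed = new Set((packument.maintainers || []).map((m) => m.name));
  const publishers = new Map(); // publisher name -> versions they published
  for (const [version, meta] of Object.entries(packument.versions || {})) {
    const who = meta && meta._npmUser && meta._npmUser.name;
    const key = who || "(unknown)";
    if (!publishers.has(key)) publishers.set(key, []);
    publishers.get(key).push(version);
  }
  // Versions published by an account that is not a listed maintainer.
  const unlistedPublishers = [...publishers.entries()]
    .filter(([name]) => !listed.has(name))
    .map(([name, versions]) => ({ name, versions }));
  // Listed maintainers who never published any version of this package.
  const silentMaintainers = [...listed].filter((n) => !publishers.has(n));
  // Strongest signal: nobody on the maintainer list ever published anything.
  const suspicious =
    publishers.size > 0 && [...publishers.keys()].every((n) => !listed.has(n));
  return { unlistedPublishers, silentMaintainers, suspicious };
}

const report = auditMaintainers(samplePackument);
console.log(JSON.stringify(report, null, 2));
```

Former maintainers who legitimately left a project also show up as unlisted publishers, so treat the result as a prompt for manual review rather than a verdict.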
How Does Package Planting Vulnerability Affect NPM?