Researchers uncovered a new supply chain attack targeting the npm registry that impacted over 40 packages belonging to multiple maintainers. Security researchers at Socket uncovered a malicious update to @ctrl/tinycolor, a package with 2.2M weekly downloads on npm. While investigating the case, they discovered it was linked to a larger supply chain attack that compromised […]
First seen on securityaffairs.com
Jump to article: securityaffairs.com/182274/malware/new-supply-chain-attack-hits-npm-registry-compromising-40-packages.html
