Like of @lrvick's tweet · Jamie Tanna

Post details

1. Buy expired NPM maintainer email domains. 2. Re-create maintainer emails 3. Take over packages 4. Submit legitimate security patches that include package.json version bumps to malicious dependency you pushed 5. Enjoy world domination.
Lance R. Vick ( @lrvick@mastodon.social ) (@lrvick)Mon, 09 May 2022 21:20 +0000

Wed, 11 May 2022 20:19 by Jamie Tanna . #security #npm.

Also on:

This post was filed under likes.

Interactions with this post

Below you can find the interactions that this page has had using WebMention.

Have you written a response to this post? Let me know the URL:

Do you not have a website set up with WebMention capabilities? You can use Comment Parade.