June 27th 2017 By Catalin Cimpanu
Tens of thousands of developers using weak credentials to secure their npm accounts inadvertently put more than half of the npm packages (JavaScript libraries and tools) at risk of getting hijacked and used to deploy malicious code to legitimate applications that use them in their build process.
npm Inc, the company that runs the npm package manager, addressed the issue at the start of June by triggering password reset operations for all affected users.
Initially, there was a lot of confusion about npm Inc's actions, and many believed the organization might have been breached. It was only over the last weekend that we discovered the real reason behind the massive npm account password resets that took place at the start of the month.