• caglararli@hotmail.com
  • 05386281520

Researchers Find a Way Malicious NPM Libraries Can Evade Vulnerability Detection

Çağlar Arlı      -    22 Views

Researchers Find a Way Malicious NPM Libraries Can Evade Vulnerability Detection

New findings from cybersecurity firm JFrog show that malware targeting the npm ecosystem can evade security checks by taking advantage of an "unexpected behavior" in the npm command line interface (CLI) tool. npm CLI's install and audit commands have built-in capabilities to check a package and all of its dependencies for known vulnerabilities, effectively acting as a warning mechanism for