GitHub Worm Hits npm Packages With 16M Downloads
Source: News.Bitcoin
Published:
<p>A self-replicating worm that hijacks GitHub Actions pipelines to publish malicious npm packages has struck again, compromising AntV, echarts-for-react, and Microsoft’s durabletask SDK.</p> <p>Key Takeaways Mini Shai-Hulud exploited GitHub Actions on May 19, compromising 300+ npm packages across 1