Inside a 176-Package npm Campaign Built to Beat Your Internal Dependencies

Source: Sonatype

The latest malware campaign uncovered by Sonatype researchers involved 176 malicious npm packages, many published with the exact same version number: 99.99.99.

The versioning strategy was not subtle, and likely was not intended to be.

This is a dependency confusion trick designed t
