**Nolan** @nolan@toot.cafe · Feb 20, 2022, 16:32

**Nolan** @nolan@toot.cafe · Feb 20, 2022, 16:32

Nolan @nolan@toot.cafe

Feb 20, 2022, 16:32

"Compromising Angular via Expired npm Publisher Email Domains" by Matthew Bryant https://thehackerblog.com/zero-days-without-incident-compromising-angular-via-expired-npm-publisher-email-domains-7kZplW4x/

Man, if there's a vulnerability in the OSS supply chain, somebody's thought of it. This one seems particularly tricky to defend against, from the registry's perspective.

**Shamar** @Shamar@qoto.org · 2022-02-20T21:47:03Z

Shamar @Shamar@qoto.org

@nolan

Actually, this kind of attack doesn't only depend on domain names.

Any provider (or administrator) of any mailbox of a #npm package developer might do the same.

Feb 20, 2022, 21:47 · · · ·

Trending now

Resources

Developers

What is Mastodon?

qoto.org

More…