NPM Supply Chain Attack
Last modified: 2023-07-12
An attacker might be able to lead an organization to install a malicious NPM package by abusing misconfiguration of the internal proxy server or package manager.
This page has lack of content yet.
The PoC is available thanks to the researcher who discovered the threat.
Attackers may insert their malicious npm package into
package-lock.json in the target project.