JavaScript registry npm vulnerable to 'manifest confusion' abuse

The Register
Jun 27, 2023, 4:40 pm160 pts
Failure to match metadata with packaged files presents supply chain vulnerability The npm Public Registry, a database of JavaScript packages, fails to compare npm package manifest data with the archive of files that data describes, creating an opportunity for the installation and execution of malicious files.…

Read Article Share
Share Article
- email
- x.com
- facebook
- pocket
- reddit
- tumblr
- linkedin
- pinterest

Trending Today on Tech News Tube

Will AI Force Source Code to Evolve - Or Make it Extinct?

Slashdot

Will AI Force Source Code to Evolve - Or Make it Extinct? 130

Microsoft fixes broken Windows update days after vowing fewer broken updates

The Register

Microsoft fixes broken Windows update days after vowing fewer broken updates 129

Samsung Brings Support for Apple's AirDrop to S26 Series

Phone Scoop

Samsung Brings Support for Apple's AirDrop to S26 Series 122

Apple will reportedly start stuffing ads into the Maps app

Engadget

Apple will reportedly start stuffing ads into the Maps app 120

Amazon beats Jackery’s spring sale on Explorer 2000 v2, Segway GT3 superscooter back to low, more in today’s Green Deals

Electrek

Amazon beats Jackery’s spring sale on Explorer 2000 v2, Segway GT3 superscooter back to low, more in today’s Green Deals 116

Topical Dancer is propulsive, playful, and political

The Verge

Topical Dancer is propulsive, playful, and political 115

SpaceX hits back at Amazon in orbital datacenter dispute

The Register

SpaceX hits back at Amazon in orbital datacenter dispute 112

Trapped! Inside a Self-Driving Car During an Anti-Robot Attack

Slashdot

Trapped! Inside a Self-Driving Car During an Anti-Robot Attack 111

About Tech News Tube

Tech News Tube is a real time news feed of the latest technology news headlines.

Follow all of the top tech sites in one place, on the web or your mobile device.

Featured

Public-private partnerships vital in…

Public-private partnerships vital in disrupting China's Typhoons, says RSA panel…

Apple launched a ton of products this…

Apple launched a ton of products this month — here's all the new additions,…

Tell us about your gaming habits and you…

Tell us about your gaming habits and you could win a $300 / £250 Amazon voucher

Salesforce recuits team behind calendar…

Salesforce recuits team behind calendar app Clockwise into Agentforce

CMA dithers on cloud probe as…

CMA dithers on cloud probe as Microsoft's meter runs on taxpayer dime

Cheap e-bike maker refuses recall as…

Cheap e-bike maker refuses recall as CPSC tells riders to get rid of it…

GrapheneOS Refuses to Comply with…

GrapheneOS Refuses to Comply with Age-Verification Laws

Honda’s new full-size electric…

Honda’s new full-size electric motorcycle snags awards on way to production

China's AI GPU self-sufficiency to hit…

China's AI GPU self-sufficiency to hit 80% by 2030 highlights growing challenges…

Elon Musk wants to build 50 times more…

Elon Musk wants to build 50 times more chips than the world currently produces,…