miniblog.

Wilfred Hughes

Nov 26, 2018 at 20:17

Today's compromised npm package: https://github.com/dominictarr/event-stream/issues/116 only had the malicious code in the minified version. We don't always think of JS as a compiled language, but reproducible/verifiable compilation would have helped here.

I don't know what to say. · Issue #116 · dominictarr/event-stream

EDIT 26/11/2018: Am I affected?: If you are using anything crypto-currency related, then maybe. As discovered by @maths22, the target seems to have been identified as copay related libraries. It on...