How Two Malicious NPM Packages Targeted & Sabotaged Others.

An attacker allegedly gained access to an npm user account and published modules that broke dependents. But why?

https://twitter.com/shinnn_tw/status/1149778273024520197

Background

Timeline

Attack details

load-from-cwd-or-npm

purescript-installer
└─┬ dl-tar
  └─┬ load-request-from-cwd-or-npm
    └── load-from-cwd-or-npm <<<<<<< compromised package
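The tree above shows the compromised module sitting three hops below purescript-installer. The following is an added example, not code from the article or from any of the packages named in it: it walks an npm v1 package-lock (the "dependencies" plus "requires" shape) and prints every path from a project's direct dependencies to a named package, resolving "requires" the way Node does so that a module hoisted to the top of node_modules is still attributed to the parent that pulls it in. The lockfile and every version string in it are constructed to mirror the chain on this page; they are not the real published versions.

```javascript
// Added example, not from the original article: given an npm v1 package-lock
// (the "dependencies" + "requires" shape), list every dependency path from a
// project's direct dependencies to a named package. This is how you confirm
// that a module such as load-from-cwd-or-npm is reachable from
// purescript-installer several hops down, even when npm has hoisted it to the
// top of node_modules. The lockfile content and version strings below are
// CONSTRUCTED to mirror the chain in the article; they are not real versions.

const constructedLock = {
  name: "example-app",
  lockfileVersion: 1,
  requires: true,
  dependencies: {
    // Direct dependency from the project's package.json (constructed).
    "purescript-installer": {
      version: "0.0.0",
      requires: { "dl-tar": "0.0.0-nested" },
      // npm nests a copy when the hoisted version would not satisfy the range.
      dependencies: {
        "dl-tar": {
          version: "0.0.0-nested",
          requires: { "load-request-from-cwd-or-npm": "0.0.0" }
        }
      }
    },
    // A second direct dependency (constructed) that uses the hoisted dl-tar,
    // which does not pull in the affected chain.
    "other-tool": {
      version: "0.0.0",
      requires: { "dl-tar": "0.0.0-hoisted" }
    },
    "dl-tar": { version: "0.0.0-hoisted" },
    // Transitive packages hoisted to the top level by npm.
    "load-request-from-cwd-or-npm": {
      version: "0.0.0",
      requires: { "load-from-cwd-or-npm": "0.0.0" }
    },
    "load-from-cwd-or-npm": { version: "0.0.0" }
  }
};

// Resolve `name` as Node would from a module whose enclosing node_modules
// directories are `scopes`, innermost first: the nearest match wins.
function resolve(name, scopes) {
  for (const deps of scopes) {
    if (deps && Object.prototype.hasOwnProperty.call(deps, name)) return deps[name];
  }
  return null;
}

// Return every "a@x > b@y > target@z" path that reaches `target`, starting from
// the packages named in `roots` (the project's direct dependencies). When no
// roots are given, every top-level lockfile entry is treated as a root.
function findDependencyPaths(lock, target, roots) {
  const top = lock.dependencies || {};
  const rootNames = roots || Object.keys(top);
  const paths = [];

  function visit(name, meta, scopes, trail) {
    const here = trail.concat(`${name}@${meta.version}`);
    if (name === target) {
      paths.push(here.join(" > "));
      return;
    }
    // Guard against dependency cycles, which npm permits.
    if (trail.some((hop) => hop.startsWith(`${name}@`))) return;
    const inner = [meta.dependencies, ...scopes];
    for (const depName of Object.keys(meta.requires || {})) {
      const depMeta = resolve(depName, inner);
      if (depMeta) visit(depName, depMeta, inner, here);
    }
  }

  for (const name of rootNames) {
    if (top[name]) visit(name, top[name], [top], []);
  }
  return paths;
}

const affected = findDependencyPaths(
  constructedLock,
  "load-from-cwd-or-npm",
  ["purescript-installer", "other-tool"]
);
console.log(affected.length ? affected.join("\n") : "not reachable");
```

Run against a real package-lock.json by replacing constructedLock with the parsed file and passing the names from your package.json as roots; the same walk answers the question the tree above raises, namely which of your direct dependencies is the reason a given transitive module is installed at all.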

rate-map

So what happened?

Why it matters

rate-map version list with the missing 1.0.3 version

I write about JavaScript, Reverse Engineering, Security, and Credential Stuffing. Also a speaker, O'Reilly Author, creator of Plato, Director at Shape Security.