Web Dev Pro by Packt @packtwebdevpro tweet - Supply chain watch: a malicious npm package mimicking an ESLint plugin used a hidden prompt + postinstall script to steal env vars (tokens/keys). Audit deps + lock installs. 🔗 https://t.co/UVhk3UERPw

Web Dev Pro by Packt

@packtwebdevpro

6 days

Supply chain watch: a malicious npm package mimicking an ESLint plugin used a hidden prompt + postinstall script to steal env vars (tokens/keys). Audit deps + lock installs. 🔗