October 5, 2020 | technology
The four packages where this malicious code was identified included:
- electorn: 255 downloads
- lodashs: 78 downloads
- loadyaml: 48 downloads
- loadyml: 37 downloads
All four packages were developed by the same user (simplelive12) and uploaded on the npm portal in August. Two packages (lodashs, loadyml) were removed by the author shortly after publication, but not before they infected some users.
The remaining two packages, electorn and loadyaml, were removed last week, on October 1, by the npm security team following a report from Sonatype, a company that monitors public package repositories as part of its developer security operations (DevSecOps) services.
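The four names above each sit one keystroke away from a legitimate package (electorn vs. electron, lodashs vs. lodash). A defender can catch this class of mistake before `npm install` runs by comparing declared dependency names against a list of well-known packages and flagging near-misses. The following is an added example, not code from the article or from Sonatype: it computes an edit distance that counts adjacent-character swaps as a single edit and reports any dependency that is within two edits of a popular name without being that name. The `POPULAR` list and the sample `package.json` contents are constructed for the demonstration; a real deployment would load the popular-package list from your own registry mirror or an allowlist.

```javascript
// Added example (not from the article or Sonatype): flag dependency names that
// are a small edit distance away from a well-known package, the way the
// typosquatted names listed above imitate real ones.

// Constructed list of "popular" package names for the demo.
const POPULAR = ['electron', 'lodash', 'js-yaml', 'yaml', 'express', 'react'];

// Optimal-string-alignment edit distance: insert, delete, substitute, or swap
// two adjacent characters, each at cost 1. Swaps matter because "electorn"
// is a single transposition away from "electron".
function editDistance(a, b) {
  const m = a.length;
  const n = b.length;
  const d = Array.from({ length: m + 1 }, () => new Array(n + 1).fill(0));
  for (let i = 0; i <= m; i++) d[i][0] = i;
  for (let j = 0; j <= n; j++) d[0][j] = j;
  for (let i = 1; i <= m; i++) {
    for (let j = 1; j <= n; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(
        d[i - 1][j] + 1,        // deletion
        d[i][j - 1] + 1,        // insertion
        d[i - 1][j - 1] + cost  // substitution (or match)
      );
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1); // transposition
      }
    }
  }
  return d[m][n];
}

// Returns [{ name, lookalike, distance }] for every dependency whose name is
// not itself on the popular list but sits within `maxDistance` edits of one.
// Exact matches are skipped: those are the genuine packages.
function findTyposquatCandidates(dependencies, popular = POPULAR, maxDistance = 2) {
  const popularSet = new Set(popular.map((p) => p.toLowerCase()));
  const hits = [];
  for (const name of Object.keys(dependencies)) {
    const lower = name.toLowerCase();
    if (popularSet.has(lower)) continue;
    let best = null;
    for (const p of popular) {
      const distance = editDistance(lower, p.toLowerCase());
      if (distance <= maxDistance && (best === null || distance < best.distance)) {
        best = { name, lookalike: p, distance };
      }
    }
    if (best) hits.push(best);
  }
  return hits;
}

// Constructed sample package.json (not a real project). Two of its
// dependencies use names from the article; the other two are genuine.
const SAMPLE_PACKAGE_JSON = {
  dependencies: {
    electorn: '^1.0.0',
    lodashs: '^4.17.0',
    lodash: '^4.17.20',
    express: '^4.17.1',
  },
};

// Usage: run the check over the sample manifest and print the findings.
const findings = findTyposquatCandidates(SAMPLE_PACKAGE_JSON.dependencies);
for (const f of findings) {
  console.log(`suspicious dependency "${f.name}": ${f.distance} edit(s) from "${f.lookalike}"`);
}
```

Wire this into a pre-install or CI step so the build fails on any finding; a distance threshold of 1 or 2 keeps false positives low while still catching single-character swaps, trailing letters, and dropped hyphens.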
According to Sonatype security researcher Ax Sharma, the four malicious packages used a technique known as typosquatting to get