How threat actors are using npm to launch attacks

2022-02-04 06:30

WhiteSource released a threat report based on malicious activity found in npm, the most popular JavaScript package manager used by developers worldwide.

The report is based on findings from more than 1,300 malicious npm packages identified in 2021.

The popularity of JavaScript has also attracted attention from threat actors, who increasingly target JavaScript's open-source package managers and package registries - the most widely used of which is npm, with more than 1.8 million active packages.

The company tracked an average of 32,000 new npm packages published every month during 2021.

"With an average of over 17,000 new npm package versions being published daily in 2021, there's no question that package update activity needs to be closely monitored," said Rami Sass, CEO of WhiteSource.

"Unfortunately, that popularity is being used by threat actors to spread malware and launch attacks that harm businesses and individuals."

News URL

https://www.helpnetsecurity.com/2022/02/04/npm-malicious-activity/

#attack #NPM #threat

News URL

Related news