A static archive of Markus Tacker's tweets. Follow me on Mastodon: @[email protected].
Another way to mitigate this attack is to only let trusted sources update the
package-lock.json (👋 @greenkeeperio).
https://snyk.io/blog/why-npm-lockfiles-can-be-a-security-blindspot-for-injecting-malicious-modules/