(www.aikido.dev)

1369 points universesquid | 1 comments | 08 Sep 25 15:37 UTC | HN request time: 0.224s | source

Show context

martypitt ◴[08 Sep 25 16:15 UTC] No.45170121[source]▶

A super quick script to check the deps in your package-lock.json file is here[0].

krona ◴[08 Sep 25 16:19 UTC] No.45170178[source]▶

how about:

grep -r "_0x112fa8"

replies(1): >>45170506 #

9dev ◴[08 Sep 25 16:42 UTC] No.45170506[source]▶

Irritatingly, this doesn't turn up anything, despite having a theoretically-compromised project as per the package-lock.json… At least on my end

1. AgentME ◴[08 Sep 25 19:15 UTC] No.45172597[source]▶

If you had the dependency installed before this attack, then you would still be pinned to an old safe version.

NPM debug and chalk packages compromised