I got hacked a week ago. I did pretty extensive technical research on how they pulled it off and what I (/we) can try to prevent this from happening in the future, or at least minimise the scope as much as possible.
I hope this will help a few others, either by bringing more attention to how vulnerable the whole Node.js ecosystem is or just to help more people become aware how attackers try to play you.
NPM run hack:me – a supply chain attack journey · HackerTrans
I hope this will help a few others, either by bringing more attention to how vulnerable the whole Node.js ecosystem is or just to help more people become aware how attackers try to play you.