writeups.xyz / New npm Flaws Let Attackers Better Target Packages for Account Takeover

Submitter : c2a

Date: 5 April 2022

Bounty : undisclosed

Vulnerabilities :

• Information Disclosure

Programs :

• GitHub

Authors :

• Yakir Kadkoda

Link :
https://blog.aquasec.com/npm-supply-chain-attack