Malicious Postinstall Hook Found in 700 GitHub Repos, Including Node Projects
Postinstall hooks are a footgun. The bad part here is that people reviewing a PHP package may not even look closely at package.json.
How many more examples of malware postinstall scripts do we need before Node quits running them by default, without warning?
[dead]
All Composer packages (but the malicious part is in the node dependency)
Effected*
> Use effect as a noun to refer to a change resulting from something.
Title is somewhat misleading. "Node projects" mean projects using nodejs as opposed to projects under the Node.js org.
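The review gap raised in this thread (a package.json with an install hook shipped inside a Composer package) can be checked mechanically. The following is an added example, not code from the thread or from any affected project; the function name `findInstallHooks`, the input shape (a map of repo-relative path to file text) and the sample files are assumptions constructed for illustration.

```javascript
// npm runs these scripts automatically during `npm install`, with no prompt.
// `prepare` also runs for git dependencies and on a local install.
const AUTO_RUN_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

const isNamed = (p, name) => p === name || p.endsWith("/" + name);
const dirOf = (p) => (p.includes("/") ? p.slice(0, p.lastIndexOf("/")) : ".");

// files: object mapping repo-relative path -> file text (hypothetical input shape).
function findInstallHooks(files) {
  // Directories that are Composer packages, so mixed PHP/Node packages stand out.
  const composerDirs = new Set(
    Object.keys(files).filter((p) => isNamed(p, "composer.json")).map(dirOf)
  );
  const findings = [];
  for (const [path, text] of Object.entries(files)) {
    if (!isNamed(path, "package.json")) continue;
    let manifest;
    try {
      manifest = JSON.parse(text);
    } catch (err) {
      // A manifest that does not parse cannot be cleared automatically.
      findings.push({ path, hook: null, command: null, note: "unparseable, review by hand" });
      continue;
    }
    const scripts =
      (manifest && typeof manifest.scripts === "object" && manifest.scripts) || {};
    for (const hook of AUTO_RUN_HOOKS) {
      if (typeof scripts[hook] !== "string") continue;
      const note = composerDirs.has(dirOf(path)) ? "sits beside composer.json" : "";
      findings.push({ path, hook, command: scripts[hook], note });
    }
  }
  return findings;
}

// Constructed sample tree, not taken from any real repository.
const SAMPLE = {
  "composer.json": '{"name":"example/php-lib"}',
  "package.json":
    '{"name":"example-php-lib","scripts":{"test":"jest","postinstall":"node scripts/setup.js"}}',
  "docs/package.json": '{"scripts":{"build":"vite build"}}',
  "tools/package.json": '{"scripts": {',
};

for (const f of findInstallHooks(SAMPLE)) {
  console.log(`${f.path}: ${f.hook ?? "?"} -> ${f.command ?? "?"} ${f.note}`);
}
```

Any finding is a command to read before installing; `npm install --ignore-scripts` skips these hooks for a given install.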