Detecting malicious libraries published to npm is important / Malware detection in a public repository is quite important

in #japanese, 7 years ago

npm

When I tried to install a package from npm, which is a public repository of Node.js packages, I got the following warning:

> [email protected] postinstall /usr/local/lib/node_modules/babel-node
> node message.js; sleep 10; exit 1;

┌─────────────────────────────────────────────────────────────────────────────┐
|                         Hello there ********** 😛                           │
|          You tried to install babel-node. This is not babel-node 🚫          │
|               You should npm install -g babel-cli instead 💁 .               │
|    I took this module to prevent somebody from pushing malicious code. 🕵    │
|                    Be careful out there, **********! 👍                     │
└─────────────────────────────────────────────────────────────────────────────┘

Although it's a popular scam to get people to install malicious software with misleading names, npm looks good at detecting such malware.
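The message above was printed by a `postinstall` script, which npm runs automatically during installation. The following is an added example, not part of the original post, of reviewing a parsed package.json for install-time hooks and for a name that is really a command shipped by another package. The function names, the `COMMAND_PROVIDERS` map and the sample manifest are assumptions constructed for illustration.

```javascript
// Added example: review a package manifest before running `npm install`.
// Lifecycle hooks that npm runs automatically during installation.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Assumption: a locally maintained map of command names to the package
// that really ships them. The single entry comes from the message above.
const COMMAND_PROVIDERS = { "babel-node": "babel-cli" };

// Return the install-time scripts declared in a parsed package.json.
function installHooks(manifest) {
  const scripts = (manifest && manifest.scripts) || {};
  return INSTALL_HOOKS
    .filter((hook) => typeof scripts[hook] === "string" && scripts[hook].trim() !== "")
    .map((hook) => ({ hook, command: scripts[hook] }));
}

// Flag a requested name that is really a command shipped by another package.
function nameConfusion(requested, providers = COMMAND_PROVIDERS) {
  const name = String(requested).trim().toLowerCase();
  const known = Object.prototype.hasOwnProperty.call(providers, name);
  const provider = known ? providers[name] : null;
  return provider && provider !== name ? { requested: name, installInstead: provider } : null;
}

// Combine both checks into one report for a manifest read without installing.
function reviewPackage(manifest) {
  const hooks = installHooks(manifest);
  const confusion = nameConfusion(manifest.name);
  return { name: manifest.name, hooks, confusion, needsReview: hooks.length > 0 || confusion !== null };
}

// Constructed sample manifest modelled on the output quoted in the post;
// the version is a placeholder because the post does not show it.
const sampleManifest = {
  name: "babel-node",
  version: "0.0.0-placeholder",
  scripts: { postinstall: "node message.js; sleep 10; exit 1;", test: "echo ok" },
};

console.log(JSON.stringify(reviewPackage(sampleManifest), null, 2));
```

Running `npm install --ignore-scripts` keeps npm from executing these hooks while a flagged package is being reviewed.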
