Matt Marum

Verify the security of your Node Package Manager (NPM) projects

Discussion created by Matt Marum Employee on Mar 23, 2016

Some issues around Node Package Manager (NPM) have arisen recently. In light of those events, the libraries being distributed online by NPM should not be trusted at this time.

 

For more details see the following articles:

How one developer just broke Node, Babel and thousands of projects in 11 lines of JavaScript • The Register

http://www.drinchev.com/blog/alert-npm-modules-hijacked/

 

If you happen to have any projects that use NPM or Node.js, then we recommend verifying that your dependencies have not been hijacked and mitigating any potential security risks.
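One way to carry out the verification recommended above, as an added example that is not part of the original post: compare a known-good lockfile against the current one and flag packages whose content changed under the same version, that are new, or that resolve from somewhere other than the registry. It assumes the `packages` map of a current npm `package-lock.json` (a format newer than this post); the package names, hashes and mirror URL are constructed placeholders.

```javascript
// Added example: diff a known-good npm lockfile against the current one.
// All sample data is constructed; names, hashes and URLs are placeholders.
const REGISTRY = "https://registry.npmjs.org/";

function auditLock(baseline, current, registry = REGISTRY) {
  const findings = [];
  const before = baseline.packages || {};
  for (const [path, pkg] of Object.entries(current.packages || {})) {
    if (path === "" || pkg.link) continue; // root project or workspace symlink
    const old = before[path];
    if (!pkg.resolved || !pkg.resolved.startsWith(registry)) {
      findings.push({ path, issue: "unexpected-source", detail: pkg.resolved || "(none)" });
    }
    if (!pkg.integrity) {
      findings.push({ path, issue: "missing-integrity", detail: pkg.version });
    }
    if (!old) {
      findings.push({ path, issue: "new-package", detail: pkg.version });
    } else if (old.version === pkg.version && old.integrity !== pkg.integrity) {
      // Same name and version but different content: the strongest hijack signal.
      findings.push({ path, issue: "integrity-changed", detail: pkg.version });
    } else if (old.version !== pkg.version) {
      findings.push({ path, issue: "version-changed", detail: `${old.version} -> ${pkg.version}` });
    }
  }
  return findings;
}

// Constructed sample entry builder (hypothetical helper for this example only).
const entry = (name, version, integrity, base = REGISTRY) =>
  ({ version, resolved: `${base}${name}/-/${name}-${version}.tgz`, integrity });

const baselineLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/example-pad": entry("example-pad", "1.0.0", "sha512-AAAA-placeholder"),
  "node_modules/example-util": entry("example-util", "2.0.0", "sha512-CCCC-placeholder"),
} };

const currentLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/example-pad": entry("example-pad", "1.0.0", "sha512-BBBB-placeholder"),
  "node_modules/example-util": entry("example-util", "2.1.0", "sha512-DDDD-placeholder"),
  "node_modules/example-new": entry("example-new", "0.0.1", undefined, "http://mirror.example.invalid/"),
} };

for (const f of auditLock(baselineLock, currentLock)) {
  console.log(`${f.issue.padEnd(18)} ${f.path} (${f.detail})`);
}
```

Treat `integrity-changed` and `unexpected-source` as findings to investigate before installing; `version-changed` and `new-package` are expected after an intentional upgrade and need review only when nobody asked for them.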
