npmjs.com ã§è‘—åソフトウェアã«ã‚ˆãä¼¼ãŸåå‰ã®ãƒžãƒ«ã‚¦ã‚§ã‚¢ãŒå¤§é‡ã«ç™ºè¦‹ã•ã‚ŒãŸ - Islands in the byte streamMalicious packages in npm. Here’s what to do | Ivan Akulov’s blog People found malicious packages in npm that work like real ones, are named similarly real ones, but collect and send your process environment to a third-party server when you install them 訳: 悪æ„ã®ã‚るパッケージãŒnpmã§ç™ºè¦‹ã•ã‚ŒãŸã€‚ãれらã¯ã€å®Ÿéš›ã®ãƒ‘ッケージã«ã‚ˆãä¼¼ãŸåå‰ã§åŒã˜ã‚ˆã†ã«å‹•ããŒã€ãƒ‘ッケージã®ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«æ™‚ã«ãƒ—ãƒã‚»ã‚¹ã®ç’°å¢ƒå¤‰æ•°ã‚’外部ã®ã‚µãƒ¼ãƒã«é€ä¿¡ã™ã‚‹ã€‚ 発見ã•ã‚ŒãŸãƒ‘ッケージã®ä¸€è¦§ã¯å…ƒã‚¨ãƒ³ãƒˆãƒªã‚’ã©ã†ãžã€‚ã“ã®ã‚ˆã†ãªãƒžãƒ«ã‚¦ã‚§ã‚¢ã§ã‚ã‚‹å½ãƒ‘ッケージã®ä¸€ä¾‹ã‚’ã‚ã’ã‚‹ã¨ã€ ba
npmã‚„bowerライブラリã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ç®¡ç†
GitHub - fxpio/composer-asset-plugin: NPM/Bower Dependency Manager for Composer
{{#tags}}- {{label}}
{{/tags}}