NPM fixes private package names leak, serious authorization bug

npm, the largest software registry of Node.js packages, has disclosed that it fixed multiple security flaws. The first flaw concerns a leak of the names of private npm packages on the registry's “replica” server. The second flaw allows attackers to publish new versions of any existing npm package that they do not own or have rights to. […]

Author: Ax Sharma
