Trojanized jQuery Packages found on npm, GitHub and jsDelivr Code Repositories.  

Unknown threat actors have been found propagating trojanized versions of jQuery on npm, GitHub and jsDelivr in what appears to be an instance of a "complex and persistent" supply chain attack.

https://blog.phylum.io/persistent-npm-campaign-shipping-trojanized-jquery/

#trojanized #jquery #npm #github #jsdelivr #repositories #it #security #privacy #java #programming #tech #technology #engineering #news

Persistent npm Campaign Shipping Trojanized jQuery

Since May 26, 2024, Phylum has been monitoring a persistent supply chain attacker involving a trojanized version of jQuery. We initially discovered the malicious variant on npm, where we saw the compromised version published in dozens of packages over a month. After investigating, we found instances of the trojanized jQuery

Phylum

@Olly42 it's really a tough decision these days whether to pull in dependencies 😕
At least on simple js projects