How do users report a composer package that is distributing a Remote Access Trojan (RAT) on packagist for removal/warning?

e.g.

https://intel.aikido.dev/packages/packagist/nhattuanbl/lara-helper

https://packagist.org/packages/nhattuanbl/lara-helper

Payload: https://gitlab.com/nhattuanbl/lara-helper/-/blob/master/src/helper.php

#PHP #ComposerPHP

@ghostwriter we are actually in the process of rolling out the Aikido malware feed integration, so now it shows a warning :) https://packagist.org/packages/nhattuanbl/lara-helper

@seldaek That's great news! 👏🏾

The visibility directly in Packagist is a big win for the PHP ecosystem.

Thanks for the proactive work! 🙌🏾