- Malicious packages and users are infiltrating software around the globe. Techniques such as Account Takeover, Dependency Confusion, Hacktivism and Chain/Repo-Jacking are being used to infect your software. This repository highlights some of the key Supply Chain flaws that Checkmarx can help you uncover before it's too late.
- ua-parser-js_0.7.29.zip (Account takeover with malicious intent)
- ua-parser-js_0.7.28.zip (Safe and respectable version)
- https://checkmarx.com/blog/uaparser-js-attack-preparations/
- jb-rpd-splash 99.10.10
- https://checkmarx.com/blog/a-new-type-of-supply-chain-attack-could-put-popular-admin-tools-at-risk/
- Moment (https://www.npmjs.com/package/moment) vs. Momnet (https://www.npmjs.com/package/momnet)
- https://checkmarx.com/blog/recently-discovered-supply-chain-worm/
- node-ipc_9.2.2
- "Don't trust code from strangers", or, more importantly, should you trust contributors who have a questionable past? RIAEvangelist was responsible for a Hacktivism act against the Russia/Ukraine War, introducing a "Peacenotwar" package in NPM: node-ipc_9.2.2. They also maintain 40+ other Open Source projects, like event-pubsub (not malicious).
- https://checkmarx.com/blog/protestware-politics-and-open-source-software/