Researchers identified an active supply chain attack affecting multiple npm packages that leverages a novel abuse of the binding.gyp build mechanism to execute malicious code during package installation. Unlike traditional npm supply chain attacks that rely on preinstall or po...
Source: Wiz
Source Link: https://threats.wiz.io/all-incidents/bindinggyp-supply-chain-attack-enables-cicd-worm-propagation-across-npm-packages