Detecting malicious libraries published to npm is important (malware detection in public repository is quite important)

in japanese •  7 years ago 

npm

When I tried to install some package from npm, which is a public repository of Node.js packages, I got the following warning:

> [email protected] postinstall /usr/local/lib/node_modules/babel-node
> node message.js; sleep 10; exit 1;

┌─────────────────────────────────────────────────────────────────────────────┐
|                         Hello there ********** 😛                           │
|          You tried to install babel-node. This is not babel-node 🚫          │
|               You should npm install -g babel-cli instead 💁 .               │
|    I took this module to prevent somebody from pushing malicious code. 🕵    │
|                    Be careful out there, **********! 👍                     │
└─────────────────────────────────────────────────────────────────────────────┘

Although it's a popular scam to get people to install malicious software with misleading names, npm looks good at detecting such malware.
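As an added example (not part of the original post, and not npm's own tooling): a small Node.js check that inspects a parsed package.json for install-time lifecycle scripts, like the postinstall line in the output above, and for names that resemble a package you meant to install. The EXPECTED list, the function names and the sample manifests are assumptions constructed for illustration; the edit-distance check goes beyond the babel-node case to cover plain typos as well.

```javascript
// Added example, not from the original post. Manifests below are constructed.
// npm runs these lifecycle scripts automatically during `npm install`.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Assumption: the package names this project actually intends to install.
const EXPECTED = ["babel-cli", "express", "lodash"];

// Classic Levenshtein distance, used to catch one- or two-character typos.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Returns the expected names that `name` could be confused with:
// either a near-typo, or the same name family (text before the first "-").
function lookalikes(name, expected = EXPECTED) {
  if (expected.includes(name)) return [];
  const family = name.split("-")[0];
  return expected.filter(
    (e) => editDistance(name, e) <= 2 || e.split("-")[0] === family
  );
}

// Audits one parsed package.json and returns a list of findings to review.
function auditManifest(manifest, expected = EXPECTED) {
  const findings = [];
  for (const hook of INSTALL_HOOKS) {
    const cmd = (manifest.scripts || {})[hook];
    if (typeof cmd === "string") findings.push({ kind: "install-script", hook, cmd });
  }
  for (const near of lookalikes(manifest.name, expected)) {
    findings.push({ kind: "lookalike-name", near });
  }
  return findings;
}

// Constructed manifests; the first mirrors the postinstall line shown above.
const SAMPLES = [
  { name: "babel-node", version: "0.0.0", scripts: { postinstall: "node message.js; sleep 10; exit 1;" } },
  { name: "expresss", version: "0.0.0", scripts: { test: "node test.js" } },
  { name: "lodash", version: "0.0.0" },
];

for (const m of SAMPLES) console.log(m.name, JSON.stringify(auditManifest(m)));
```

A finding here is a prompt to read the manifest before installing, not proof that a package is malicious.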
