Skip to content
Better HN
Top
Best
Ask
Show
New
Jobs
Search
⌘K
0 points
littlecranky67
10mo ago
0 comments
Save
Share
Says the malware is in a post-install script - that will not be called by nx, but i.e after an npm install
0 comments
4 comments · 2 top-level
top
newest
oldest
reactordev
10mo ago
· 2 in thread
Consider anything pre or post attached to the package as tainting the package.
SoftTalker
10mo ago
Consider your entire system tainted, nothing is trustworthy at this point. Wipe and rebuild from known good media.
littlecranky67
OP
10mo ago
The malware is "luckily" written in javascript and such quite easy to analyse. No manipulation outside of .zshrc or .bashrc and a temp txt file.
1 more reply
dudeinjapan
10mo ago
Oh good. I guess running the actual program was too many steps.
j
/
k
navigate · click thread line to collapse
