undefined | Better HN

0 pointslittlecranky677mo ago0 comments

Says the malware is in a post-install script - that will not be called by nx, but i.e after an npm install

0 comments

Consider anything pre or post attached to the package as tainting the package.

Consider your entire system tainted, nothing is trustworthy at this point. Wipe and rebuild from known good media.

The malware is "luckily" written in javascript and such quite easy to analyse. No manipulation outside of .zshrc or .bashrc and a temp txt file.

Oh good. I guess running the actual program was too many steps.

j / k navigate · click thread line to collapse

0 pointslittlecranky677mo ago0 comments

Says the malware is in a post-install script - that will not be called by nx, but i.e after an npm install

Consider anything pre or post attached to the package as tainting the package.

Consider your entire system tainted, nothing is trustworthy at this point. Wipe and rebuild from known good media.

The malware is "luckily" written in javascript and such quite easy to analyse. No manipulation outside of .zshrc or .bashrc and a temp txt file.

Oh good. I guess running the actual program was too many steps.

j / k navigate · click thread line to collapse