“The mysterious supply chain concern of string-width-cjs npm package | Snyk”
https://snyk.io/blog/supply-chain-string-width-cjs-npm/
> It is my assumption that all of these dependent packages and download boosts are leading to the sole purpose of creating false legitimacy for the 3 *-cjs package
Fun fun fun.
The mysterious supply chain concern of string-width-cjs npm package
Npm package aliasing can be a security threat. Learn about how malicious actors can exploit this feature to introduce fake packages into your projects. Protect your projects with best practices and stay vigilant against supply chain attacks.
Liran Tal (Snyk)
Roland Häder
in reply to Baldur Bjarnason