Gabi DobocanforSandwormsandworm.hashnode.net·Apr 15, 2023Dissecting Npm Malware: Five Packages And Their Evil Install ScriptsPackages published on npm can declare pre and post-install hooks, which are scripts that run, well, pre or post-install. That is to say, when the npm CLI installs a package, it also runs those scripts on your machine. It runs them silently, in the ba...11 likes·4.1K readsnpmAdd a thoughtful commentNo comments yetBe the first to start the conversation.
