npm に投稿された悪意あるライブラリの検出って重要ですね malware detection in public reposity is quite important

in #japanese7 years ago

npm

Node.js 向けパッケージ管理サービスの npm から あるパッケージをインストールしようとしたら次のようなメッセージが出ました。

When I tried to install some package from npm, which is a public repository of Node.js packages, I got the following warning:

> babel-node@6.5.3 postinstall /usr/local/lib/node_modules/babel-node
> node message.js; sleep 10; exit 1;

┌─────────────────────────────────────────────────────────────────────────────┐
|                         Hello there ********** 😛                           │
|          You tried to install babel-node. This is not babel-node 🚫          │
|               You should npm install -g babel-cli instead 💁 .               │
|    I took this module to prevent somebody from pushing malicious code. 🕵    │
|                    Be careful out there, **********! 👍                     │
└─────────────────────────────────────────────────────────────────────────────┘

紛らわしい名前で悪意あるコードをインストールさせようというのは、どこにでもありますね。

Although it’s a popular scam to install malicious softwares with misleading names, npm looks good to detect such malware.

#note #javascript #npm #nodejs
7 years ago in #japanese by
$0.02
  • Past Payouts $0.02, 0.00 TRX
  • - Author $0.02, 0.00 TRX
  • - Curators $0.00, 0.00 TRX
10 votes
Reply 1
Sort:  
  • Trending
    • [-]
     7 years ago 

    Congratulations @nemufox! You have completed some achievement on Steemit and have been rewarded with new badge(s) :

    Award for the number of upvotes

    Click on any badge to view your own Board of Honor on SteemitBoard.
    For more information about SteemitBoard, click here

    If you no longer want to receive notifications, reply to this comment with the word STOP

    By upvoting this notification, you can help all Steemit users. Learn how here!

    $0.00
      Reply

      Coin Marketplace

      STEEM 0.20
      TRX 0.13
      JST 0.029
      BTC 62871.45
      ETH 3479.64
      USDT 1.00
      SBD 2.53