Counterfeit ESLint and Node ‘types’ libraries downloaded thousands of times abuse Pastebin

The legitimate ESLint packages on the npmjs.com registry are called “typescript-eslint” and “@typescript-eslint/eslint-plugin.” Unscrupulous actors have published a typosquat named “@typescript_eslinter/eslint” that very closely resembles the names of the real libraries but is up to no good. The counterfeit component has been downloaded thousands of times. Similarly, attackers impersonated another popular npm package, “@types/node”; the counterfeit version scored 6,765 weekly downloads and 20,502 downloads over the course of its lifetime. Sonatype’s 2024 Open Source Malware report highlights that 98.5% of all open source malware discovered by us was published in the npmjs.com registry, which remains a prominent choice among threat actors looking to push their malicious artifacts downstream to millions.

First seen on securityboulevard.com

Jump to article: securityboulevard.com/2024/12/counterfeit-eslint-and-node-types-libraries-downloaded-thousands-of-times-abuse-pastebin/
