Sign in / up

back to article Ripple NPM supply chain attack hunts for private keys

Many versions of the Ripple ledger (XRPL) official NPM package are compromised with malware injected to steal cryptocurrency. The NPM package, xrpl, is a JavaScript/TypeScript library that devs use to interact with and build apps using the cryptocurrency ledger's features. This includes wallet and key management, payment …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. teknopaul

    Redacted

    You are not allowed to sell your own projects on el reg (understandably) but this problem bagged me years so I wrote my own nom, simpler better And safer.

    Can't tell you anything about it,but I cane be smug.

    0 0 Reply
    1. An_Old_Dog Silver badge
      Reply Icon
      Facepalm

      Re: Redacted

      I hope you are much-more-careful typing in your code than you are typing in your posts to The Register.

      3 0 Reply
  2. teknopaul

    Just sayin

    Is it me or is it often Npm caught in supply chain attacks?

    Rarely Debian.

    Apple makes the list...

    shareware.com winrar.exe releases seemed to fair better.

    <snark/>

    2 0 Reply
    1. CowHorseFrog Silver badge
      Reply Icon

      Re: Just sayin

      Javascript is a class act all the way down and up.

      So much is done so poorly, rush ahead without care or responsibility.

      0 1 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like