Sign in / up

back to article Malicious backdoored NPM package masqueraded as Twilio library for three days until it was turfed out

GitHub's NPM on Monday removed a JavaScript library called twilio-npm because it contained malicious code, which has become something of a recurring theme for the open-source JavaScript code registry. The offending library, designed to backdoor a victim's device and allow remote code execution, was spotted by Sonatype, the …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Peter Prof Fox

    I'm impressed

    Isn't this how the internet is supposed to work? (Says an old fogey.) Issue --> Fix it. Anyone who expects the fire brigade to be on the scene before the fire breaks out is expecting too much.

    3 2 Reply
    1. sabroni Silver badge
      Reply Icon

      Re: Isn't this how the internet is supposed to work?

      The problem is that the systems that detect malicious code don't scale in line with contributions.

      8 1 Reply
    2. Doctor Syntax Silver badge
      Reply Icon

      Re: I'm impressed

      We do, however, expect reception not to let people carrying cans of petrol and matches get into the building.

      2 0 Reply
  2. Anonymous Coward
    Anonymous Coward

    We're doomed

    In 10 years time, these same cut-n-paste coders will be writing code for traffic lights, power stations, medical equipment....

    1 0 Reply
  3. Anonymous Coward
    Anonymous Coward

    That stable door is long open

    I have seen some very dubious source code in critical equipment. Companies have been outsourcing to sweatshops for decades

    2 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like