#NPM package

Ryan Kung 🇺🇦 🌪️

5天前

⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️ 安全警告，由于npm的error-ex包被攻击者恶意注入，以下NPM package收到污染。请开发者立即检查进行代码审查，确保error-ex使用的是1.3.2以下的版本。 The npm package error-ex has been maliciously injected by attackers, and multiple core dependencies may have been compromised. Developers should immediately audit their dependencies and ensure that error-ex is pinned to version 1.3.2 or lower. 受到影响的packages包括但可能不限于： Known affected packages (not limited to): backslash (0.26m downloads per week) chalk-template (3.9m downloads per week) has-ansi (12.1m downloads per week) simple-swizzle (26.26m downloads per week) error-ex (47.17m downloads per week) color-name (191.71m downloads per week) slice-ansi (59.8m downloads per week) color-convert (193.5m downloads per week) ansi-regex (243.64m downloads per week) supports-color (287.1m downloads per week) chalk (299.99m downloads per week) debug (357.6m downloads per week) ansi-styles (371.41m downloads per week)

#NPM package #error-ex #安全漏洞 #代码审查 #恶意注入