NPM Registry Found to be Vulnerable to 'Manifest Confusion' Abuse
28 June 2023
The npm Public Registry, a database of JavaScript packages, fails to compare npm package manifest data with the archive of files that data describes, creating an opportunity for the installation and execution of malicious files.
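The missing comparison can be done on the consumer side. The sketch below is an added example, not code from npm or from this article: it diffs the manifest a registry serves against the `package.json` extracted from the package archive. The function name `diffManifest`, the choice of compared fields and the sample objects are assumptions made for illustration; fetching the metadata and unpacking the archive are left out.

```javascript
// Fields compared here are an assumption: the ones that decide what is
// installed or executed at install time.
const SCALAR_FIELDS = ["name", "version"];
const MAP_FIELDS = ["dependencies", "optionalDependencies", "scripts"];
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Compare the manifest served by the registry with the package.json found
// inside the archive. Returns one record per mismatching entry.
function diffManifest(registryManifest, tarballManifest) {
  const findings = [];
  for (const field of SCALAR_FIELDS) {
    if (registryManifest[field] !== tarballManifest[field]) {
      findings.push({
        field,
        registry: registryManifest[field],
        tarball: tarballManifest[field],
      });
    }
  }
  for (const field of MAP_FIELDS) {
    const reg = registryManifest[field] || {};
    const tar = tarballManifest[field] || {};
    for (const key of new Set([...Object.keys(reg), ...Object.keys(tar)])) {
      if (reg[key] !== tar[key]) {
        findings.push({
          field: `${field}.${key}`,
          registry: reg[key],
          tarball: tar[key],
          // A differing install hook means code runs that the metadata did not show.
          installHook: field === "scripts" && INSTALL_HOOKS.includes(key),
        });
      }
    }
  }
  return findings;
}

// Constructed sample data, not taken from any real package.
const registryView = { name: "example-pkg", version: "1.0.0", dependencies: {}, scripts: {} };
const tarballView = {
  name: "example-pkg",
  version: "1.0.0",
  dependencies: { "hidden-dep": "^2.0.0" },
  scripts: { install: "node setup.js" },
};

console.log(diffManifest(registryView, tarballView));
```

Any non-empty result means the registry metadata does not describe the files that would actually be installed, so tooling that reads only the metadata would miss the dependency or script.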