Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies
The defense mechanisms that NPM introduced after the 'Shai-Hulud' supply-chain attacks have weaknesses that allow threat actors to bypass them via Git dependencies.
Collectively called PackageGate, the vulnerabilities were discovered in multiple util...
news.fmisec.com3 min read