Are you going to be the next victim?

Disclaimer: I use npm myself, the point of this post is not to discredit npm, it is to help people understand that packages within the npm ecosystem should not be installed without doing research on them.

Imagine that you just found the perfect package that provides everything that you need for your application. A week after installing it, an article comes out talking about that same package being a malicious backdoor into your application. You rush to remove it but realize that all your clients’ data, secrets, and keys have already been compromised. …

Drew Klayman

Software Engineer
