Explore >> Select a destination

You are here

 snyk.io
A post-mortem of the malicious event-stream backdoor | Snyk
| | www.nodejs-security.com
The XZ backdoor CVE-2024-3094: a JavaScript perspective
7.5 parsecs away

Travel
| | The XZ backdoor CVE-2024-3094 already happened in JavaScript 5 years ago but now the xz and liblzma malware bundled onto Linux distributions is bringing forth a world-wide threatening event in cybersecurity that jeopardizes the trust, sustainability and security concerns in the open-source ecosystem.
| | johncodes.com
To Catch a Hacker - NPM Even Stream | John McBride
6.6 parsecs away

Travel
| (Note: this post is from a legacy blog dated 12/14/2018 and some content or links may have changed) A few weeks ago, this issue was opened on a popular Node NPM package called Event Stream. This package enables Node streams to be simpler and streamlines many I/O operations within Node. Regardless, this package is a key dependency for many other Node packages and has over 1 million downloads per week from NPM.