Post
I was able to track down 3 out of the remaining 5 affected packages and posted bug reports & security alerts to those developers I located.
Sure would be nice if NPM and GitHub did this automatically.... kinda feel like I've done an awful lot of free labor for Microsoft this week.
https://github.com/datapartyjs/walk-without-rhythm/issues/13
Just checked back on the Sha1-Hulud virus/worm. FINALLY npm appears free of obviously infected packages.
I still however am seeing infected machines posted their private data publicly on GitHub.
Not only that, I can see infected developer's github repos are being defaced in realtime.
These microsoft owned platforms seem to be really struggling with stopping this worm.
Query for defaced repos 👇🏿
https://github.com/search?q=api.airforce&type=repositories&s=updated&o=desc
#NPM #microsoft #github #Sha1Hulud #WalkWithoutRhythm #cybersecurity
A space for Bonfire maintainers and contributors to communicate
