5/23/2026 at 4:35:29 AM
Postinstall hooks are a footgun. The bad part here is that people reviewing a PHP package may not even look closely at package.json.
by kspetkov79
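A review aid for the point raised in the comment above, as an added example that is not part of the thread or any participant's code: it walks a package checkout (for instance a Composer package) and lists every package.json script that npm can run at install time. The sample tree, its file names and its script commands are constructed for illustration.

```javascript
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");
// Script names npm can run automatically as part of `npm install`.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Walk `root`; return one finding per install-time script in any package.json.
function findInstallHooks(root) {
  const findings = [];
  const stack = [root];
  while (stack.length > 0) {
    const dir = stack.pop();
    for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
      const full = path.join(dir, entry.name);
      const file = path.relative(root, full);
      if (entry.isDirectory()) {
        stack.push(full); // symlinks are not directories here, so they are not followed
      } else if (entry.isFile() && entry.name === "package.json") {
        let scripts;
        try {
          scripts = JSON.parse(fs.readFileSync(full, "utf8")).scripts;
        } catch {
          findings.push({ file, hook: null, command: null }); // unparseable: review by hand
          continue;
        }
        for (const hook of INSTALL_HOOKS) {
          if (scripts && typeof scripts[hook] === "string") {
            findings.push({ file, hook, command: scripts[hook] });
          }
        }
      }
    }
  }
  return findings.sort((a, b) => a.file.localeCompare(b.file));
}

// Constructed sample: a PHP (Composer) package that also ships package.json files.
function buildSampleTree() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), "hook-audit-"));
  const write = (rel, body) => {
    fs.mkdirSync(path.dirname(path.join(root, rel)), { recursive: true });
    fs.writeFileSync(path.join(root, rel), JSON.stringify(body));
  };
  write("composer.json", { name: "example/php-lib" });
  write("package.json", { scripts: { test: "phpunit", postinstall: "node setup.js" } });
  write("resources/js/package.json", { scripts: { build: "webpack" } });
  return root;
}
console.log(findInstallHooks(buildSampleTree()));
```

Running `npm install --ignore-scripts` skips these hooks, which is a reasonable default while a finding is being reviewed.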
5/23/2026 at 1:18:56 AM
by 882542F3884314B
5/23/2026 at 3:56:35 AM
Title is somewhat misleading. "Node projects" mean projects using nodejs as opposed to projects under the Node.js org.
by nullsex
5/23/2026 at 2:57:41 AM
How many more examples of malware postinstall scripts do we need before Node quits running them by default, without warning?
by tedchs
5/23/2026 at 3:39:02 AM
[dead]
by nullsex
5/23/2026 at 1:37:13 AM
All Composer packages (but the malicious part is in the node dependency)
Effected*
> Use effect as a noun to refer to a change resulting from something.
by gnabgib
5/23/2026 at 3:20:27 PM
[flagged]
by ryanshrott