Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

anything except that it's malware installed via npm


As you can see here, they've already switched it out for a different command, likely due to incident responders over-indexing on npm as an IOC.

https://news.ycombinator.com/item?id=48503258




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: