开发者生态 None 攻击者在Flippa上购买了30个WordPress插件,并在所有插件中植入了后门 一名攻击者在数字市场Flippa上以六位数的价格购入了Essential Plugin的全部产品组合,其中包括30多个WordPress插件,总安装量达40万次。该买家的 首次代码提交 "便是一个PHP反序列化后门。该后门潜伏了八个月,直至 WordPress npm php 2026-05-12 作者:Steef-Jan Wiggers
开发者生态 None Show HN:安全安装 – 具有可信构建依赖项的更安全的 NPM 安装 In light of the ongoing npm supply chain compromises, I built safe-install: https://www。com/package/@gkiely/safe-install install https com 2026-05-12 gkiely
开发者生态 None 事后分析:TanStack npm 供应链妥协 Start RC Start RC Router Router Query Query Table Table DB beta DB beta AI alpha AI alpha Form new Form new Virtual Virt alpha the npm 2026-05-12 varunsharma07
开发者生态 None TanStack NPM 软件包受到威胁 TanStack / router Public Uh oh。There was an error while loading。Please reload this page。Notifications You must be signed are npm Copy 2026-05-11 varunsharma07