event-stream: Analysis of a Compromised npm Package
The OWASP Podcast Series
English - November 27, 2018 20:19 - 21 minutes - 21.2 MB - ★★★★★ - 23 ratings - Technology
Once again, the pattern of taking over a known package and modifying it with malicious intent has happened. In this case, it's with the event-stream module in the npm repository. In this broadcast I speak with Thomas Hunter, Software Developer at Intrinsic and author of "Compromised npm Package: event-stream", and Brian Fox, CTO of Sonatype, author of the Forbes "Open Source Developers And Infrastructure Are The New Front Line Of Security?" article.
Compromised npm Package: event-stream
https://medium.com/intrinsic/compromi...
Open Source Developers And Infrastructure Are The New Front Line Of Security
https://www.forbes.com/sites/forbestechcouncil/2018/05/11/open-source-developers-and-infrastructure-are-the-new-front-line-of-security/#2ad9e84457c2
Open Source Software Is Under Attack; New Event-Stream Hack Is Latest Proof
https://blog.sonatype.com/open-source-software-is-under-attack-new-event-stream-hack-is-latest-proof