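This incident sounds the alarm once again: behind the convenience of the open-source ecosystem, supply-chain security remains a latent "weak spot". Front-end developers may not be the direct target of attackers, yet they can become victims without realizing it. On September 8, the Node.js ecosystem suffered an unprecedented shock. Veteran npm maintainer Qix (Josh Junon), because of a phishing email, leaked ...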
Empower your AI agents (like Cline) with the ability to securely read and extract information (text, metadata, page count) from PDF files within your project context using a single, flexible tool.
Update (Sept. 10, 10:35 am UTC): This article has been updated with information throughout. Update (Sept. 10, 11:50 am UTC): This article has been updated to add comments from a Polygon representative ...
A major attack on the supply chain for software packages for the widely used JavaScript runtime environment Node.js was discovered on Monday. The attacker has injected obfuscated malicious code into ...
Patched Version: The last known safe version is 1.3.2. Version 1.3.3 of the error-ex package, published recently on npm, contains obfuscated, malicious code. This code appears to be a "crypto-clipper" ...