In what is being called the largest supply chain attack in history, attackers have injected malware into NPM packages with over 2.6 billion weekly downloads after compromising a maintainer’s account in a phishing attack.
The package maintainer whose accounts were hijacked in this supply-chain attack confirmed the incident earlier today, stating that he was aware of the compromise and adding that the phishing email came from support [at] npmjs [dot] help, a domain that hosts a website impersonating the legitimate npmjs.com domain.
Thing is, with malicious AUR packages or smth I can just check the DB or /bin if it’s installed. With the (default) local architecture of npm, I’ll first have to sudo find / -iname npm a few TB of files.