All Open-Sourced Code Should Be Reviewed
The three packages (plutov-slack-client, Nodetest199, nodetest1010) opened shells on the machines of developers who imported them into their projects. The shells allowed bad actors to connect to those machines remotely and perform nefarious activities. The packages work on both Windows and *nix operating systems such as Linux, and had been live for over a year, accumulating hundreds of downloads. The details above come from ZDNet's report.
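As an added example, not code from the original post or from ZDNet, here is a small Node.js check over a package-lock.json that flags the three package names above and any dependency that npm marks as declaring an install-time script, the hook through which a package can run code on a developer's machine at install. The lockfile content in the block is constructed for illustration.

```javascript
// Added example (not from the original post): audit a package-lock.json
// (lockfileVersion 2/3 "packages" map) for the three denylisted names the
// post cites and for packages npm flags with hasInstallScript, i.e. ones
// that declare preinstall/install/postinstall scripts.
const KNOWN_MALICIOUS = new Set(["plutov-slack-client", "nodetest199", "nodetest1010"]);

// Package name from a lockfile path such as "node_modules/a/node_modules/@s/b".
function nameFromPath(path) {
  const idx = path.lastIndexOf("node_modules/");
  return idx === -1 ? path : path.slice(idx + "node_modules/".length);
}

// Returns findings of the form { path, name, reason }, where reason is
// "known-malicious" for a denylisted name and "install-script" for any
// package that runs code at install time (worth a manual review either way).
function auditLockfile(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // the empty key is the root project itself
    const name = (meta.name || nameFromPath(path)).toLowerCase();
    if (KNOWN_MALICIOUS.has(name)) {
      findings.push({ path, name, reason: "known-malicious" });
    }
    if (meta.hasInstallScript === true) {
      findings.push({ path, name, reason: "install-script" });
    }
  }
  return findings;
}

// Constructed sample lockfile: one clean package, one denylisted name at the
// top level, one denylisted transitive dependency with an install hook, and
// one legitimate-looking package that also runs an install script.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-app", dependencies: {} },
    "node_modules/left-pad": { version: "1.3.0" },
    "node_modules/plutov-slack-client": { version: "1.0.0" },
    "node_modules/left-pad/node_modules/nodetest1010": { version: "0.0.1", hasInstallScript: true },
    "node_modules/some-native-addon": { version: "2.0.0", hasInstallScript: true },
  },
};

for (const f of auditLockfile(SAMPLE_LOCK)) {
  console.log(`${f.reason}: ${f.name} (${f.path})`);
}
```

Run it against a real lockfile by replacing SAMPLE_LOCK with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`; an "install-script" finding is a prompt to read that package's scripts, not proof of malice.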
Originally published at https://www.pwvconsultants.com on October 20, 2020.