The npm Package That Wipes Your Files When You Try to Stop It
An attacker poisoned 84 TanStack npm versions across 42 packages, stealing GitHub OIDC tokens and cloud keys while planting a dead-man’s switch that nukes your system. The attacker’s timing was specific. A fork, a hidden commit, a zero-diff pull request, and then nothing visible for nearly eight hours. On May 11, between 19:20 and 19:26 […] The post The npm Package That Wipes Your Files When You Try to Stop It appeared first on Live Bitcoin News.