NPM 软件包 posthog-js 1.297.3 包含恶意软件
1 分•作者: roskoalexey•7 个月前
我知道我们很多人都在使用非常出色的 PostHog 服务,但似乎他们最新版本的 `posthog-js` NPM 包中包含了恶意软件。<p>已向他们的安全渠道报告,也已向 NPM 报告,但同时也想在这里引起大家的注意。
查看原文
I know many of us use a really excellent PostHog service, but it seems their latest version of `posthog-js` NPM package contains malware.<p>Reported to their security channel, also reported to NPM, but also wanted to raise awareness here.