Malicious Modules — what you need to know when installing npm packages

Liran Tal
Jul 17, 2018 · 5 min read

node_modules/ > black holes

Malicious Modules

report from Snyk.io website for malicious modules submitted to npm

Malicious Contributors


Compromised Contributors

Joey shares your concern

A Safer World

Consider using npq

npq to safely install packages

Written by

Liran Tal

🥑Developer Advocate @snyksec | @NodeJS Security WG | 🛰️ @jsheroes ambassador | Author of Essential Node.js Security | ❤️ #opensource #web ☕🍕🎸