A RetroSearch Logo

Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Search Query:

Showing content from https://docs.npmjs.com/reporting-malware-in-an-npm-package below:

Reporting malware in an npm package

Reporting malware in an npm package

If you find malware in an npm package (either yours or someone else's), you can report it to the npm Security team to help keep the JavaScript ecosystem safe.

Note: Vulnerabilities in npm packages should be reported directly to the package maintainers. We strongly advise doing this privately. You can find contact information about package maintainers with npm owner ls <package-name>. If the source code is hosted on GitHub please refer to the repository's Security Policy.

How npm Security handles malware

Malware is a major concern for npm Security and we have removed hundreds of malicious packages from the registry. For every malware report we receive, npm Security takes the following actions:

  1. Confirm validity of the report.
  2. Remove the package from the registry.
  3. Publish a security placeholder for the package.
  4. Publish a security advisory alerting the community.

As part of our process we determine whether the user account who uploaded the package should be banned. We also cooperate with 3rd parties when applicable.

Reporting malware
  1. Gather information about the malware.
  2. On the package page, click Report malware.
  3. On the malware report page, provide information about yourself and the malware:
  4. Click Send Report.

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4