p3rspective commented on Shai-Hulud Returns: Over 300 NPM Packages Infected   helixguard.ai/blog/malici... · Posted by u/mrdosija
gred · a month ago
I assume you're talking about malware uploaded to new artifact coordinates (possibly named so as to try to confuse users), not hijacking of existing artifact coordinates (group ID, artifact ID)?
p3rspective · a month ago
Generally yes, although hijacking can and has happened on Central with expired maintainer domains reclaimed by a threat actor, who can then republish malicious versions of a previously legit group/artifact ID. There's also the problem of mirrors or copies of hijacked npm packages being replicated on Central - https://x.com/SocketSecurity/status/1993389518247149907
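One consumer-side check for the hijack scenario described above, as an added example that is not part of this thread: Maven Central requires releases to be PGP-signed, so a version of a known group/artifact ID signed by a key that never signed earlier releases is worth a review before it is adopted. The release records and key fingerprints below are constructed sample data.

```python
"""Added example: flag Maven releases signed by a key not seen in earlier
releases of the same coordinates. Models the case where a group ID is taken
over (e.g. the maintainer's domain lapses and is reclaimed) and a new version
is published under the old coordinates with the attacker's key.
All records and fingerprints are constructed placeholders."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Release:
    group_id: str
    artifact_id: str
    version: str
    signer_fingerprint: str  # fingerprint of the PGP key that produced the .asc


def find_signer_changes(releases):
    """Return (version, fingerprint) pairs whose signer was never seen in
    earlier releases of the same group/artifact ID.

    Releases are processed in the order given (oldest first). The first
    release of each coordinate establishes the trusted key set; any later
    version signed by an unseen key is reported for human or policy review.
    """
    seen = {}  # (group_id, artifact_id) -> set of fingerprints seen so far
    flagged = []
    for r in releases:
        known = seen.setdefault((r.group_id, r.artifact_id), set())
        if known and r.signer_fingerprint not in known:
            flagged.append((r.version, r.signer_fingerprint))
        known.add(r.signer_fingerprint)
    return flagged


# Constructed history: the 2.0.1 entry models a republish after a takeover.
SAMPLE = [
    Release("com.example", "widget", "1.0.0", "AAAA1111"),
    Release("com.example", "widget", "1.1.0", "AAAA1111"),
    Release("com.example", "widget", "2.0.0", "AAAA1111"),
    Release("com.example", "widget", "2.0.1", "FFFF9999"),
]

if __name__ == "__main__":
    for version, fpr in find_signer_changes(SAMPLE):
        print(f"review {version}: signed by previously unseen key {fpr}")
```

A legitimate key rotation trips the same check, so treat a hit as a prompt to verify the new key out of band, not as proof of compromise.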
gred · a month ago
NPM has about 4 million packages, Maven Central has about 3 million packages.

If this were true, wouldn't there have been at least one Maven attack by now, considering the number of NPM attacks that we've seen?

p3rspective · a month ago
Make no mistake, Maven Central does get multiple malware components uploaded each year, though not nearly to the same extent as npm or PyPI. Sonatype (my former employer) just doesn't report on these publicly each time it happens. It's not an isolated problem but certainly harder to do with Maven.
