From: Articles – Lutra Security
Manifest confusion
https://lutrasecurity.com/en/articles/manifest-confusion/
Manifest confusion is a problem in the architecture of npm, pointed out by Darcy Clarke: An npm package’s manifest is published independently of its tarball and is never fully validated.