Comment by roskoalexey 15 hours ago
Some more details:
1. Malware uses a "preinstall" NPM script, which is triggered upon you running `npm install`.
2. Malware installs `bun`.
3. Then it installs and starts `trufflehog` (a tool for scanning code for secrets, API keys, passwords, etc.).
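
Added example, not part of the comment above: a small audit that flags install-time lifecycle scripts in parsed `package.json` manifests and raises the severity when the command mentions the tools named in the comment. The function names, the `{ path, manifest }` entry shape and the sample manifests are constructed for illustration.

```javascript
// Hooks npm runs automatically during `npm install`.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Tool names mentioned in the comment; a match is a triage hint, not proof.
const TOOL_HINTS = [
  { label: "bun", re: /\bbun\b/i },
  { label: "trufflehog", re: /trufflehog/i },
];

// Return one finding per install-time hook declared in a parsed package.json.
function auditManifest(path, manifest) {
  const scripts =
    manifest && typeof manifest.scripts === "object" && manifest.scripts !== null
      ? manifest.scripts
      : {};
  const findings = [];
  for (const hook of INSTALL_HOOKS) {
    const command = scripts[hook];
    if (typeof command !== "string" || command.trim() === "") continue;
    const hints = TOOL_HINTS.filter((t) => t.re.test(command)).map((t) => t.label);
    findings.push({
      path,
      name: manifest.name || "(unnamed)",
      hook,
      command,
      hints,
      severity: hints.length > 0 ? "high" : "review",
    });
  }
  return findings;
}

// Audit a list of { path, manifest } entries, e.g. every package.json under node_modules.
function auditTree(entries) {
  return entries.flatMap((e) => auditManifest(e.path, e.manifest));
}

// Constructed sample manifests (not real packages).
const SAMPLE = [
  { path: "node_modules/example-clean/package.json",
    manifest: { name: "example-clean", scripts: { test: "node test.js" } } },
  { path: "node_modules/example-native/package.json",
    manifest: { name: "example-native", scripts: { install: "node-gyp rebuild" } } },
  { path: "node_modules/example-suspicious/package.json",
    manifest: { name: "example-suspicious", scripts: { preinstall: "node fetch-bun.js" } } },
];

for (const f of auditTree(SAMPLE)) {
  console.log(`${f.severity}\t${f.name}\t${f.hook}: ${f.command}`);
}
```

Running `npm install --ignore-scripts` keeps these hooks from executing while the findings are reviewed.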