MEDIUMSupply Chain
Global
Atomic Arch npm Campaign Adds Malicious Dependency
·Source: Sonatype (Maven/npm)
Updated:
Executive Summary
Analysis
Sonatype researchers have identified a malicious package campaign, dubbed Atomic Arch, that targets orphaned packages in the Arch User Repository (AUR).