Last Updated on 22/11/2021 by Anamika
Reportedly, the highly popular npm library ‘coa’ was hijacked a few days ago: malicious code was injected into it, impacting React pipelines around the world.
The library, short for Command-Option-Argument, receives more than 9 million weekly downloads on npm and is used by almost 5 million people on GitHub, according to BleepingComputer.
The authorities were able to detect the problem, but while they were sorting it out, a second one was discovered in the component called ‘rc’, which was hijacked soon after ‘coa’. The ‘rc’ component gets almost 14 million downloads a week on average, according to BleepingComputer.
According to sources, malicious code was injected into the ‘coa’ releases. Developers around the world were shocked when they noticed a few new releases of npm’s ‘coa’ library, a project that had not been touched for years.
‘coa’ is a command-line options parser for Node.js projects. The last stable version 2.0.2 for the project was released in December 2018.
Reportedly, npm has removed the compromised components, which were causing harm to the database. Publishing of the components is temporarily blocked while the affected data is being recovered.
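The signal described above, unexpected releases of a package whose last stable version was 2.0.2, can be checked against a project's lockfile. The following is an added example, not code from the article or from npm; the function names, the sample lockfile, the `some-tool` package and the 9.9.9 version are constructed for illustration, and the only baseline used is the 2.0.2 figure the article gives.

```javascript
// Added example: flag lockfile entries newer than the article's "last stable version 2.0.2".
const LAST_KNOWN_GOOD = { coa: "2.0.2" };

// Parse "major.minor.patch" into numbers; suffixes are ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function isNewer(found, baseline) {
  const a = parseVersion(found), b = parseVersion(baseline);
  if (!a || !b) return true; // unparseable (e.g. a git URL): flag for review
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] > b[i];
  return false;
}

// Returns [{ name, version, path }] for every watched package above baseline.
function findSuspect(lock) {
  const hits = [];
  const check = (name, version, path) => {
    const known = Object.prototype.hasOwnProperty.call(LAST_KNOWN_GOOD, name);
    if (known && isNewer(version, LAST_KNOWN_GOOD[name])) hits.push({ name, version, path });
  };
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    if (path) check(path.split("node_modules/").pop(), pkg.version, path);
  }
  // lockfileVersion 1: nested "dependencies" tree (transitive copies included).
  const walk = (deps, prefix) => {
    for (const [name, dep] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      check(name, dep.version, path);
      walk(dep.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile; "some-tool" and version 9.9.9 are placeholders.
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/coa": { version: "2.0.2" },
    "node_modules/some-tool/node_modules/coa": { version: "9.9.9" },
  },
};
console.log(findSuspect(SAMPLE_LOCK));
```

To scan a real project, pass the parsed contents of its `package-lock.json` to `findSuspect`; nested copies pulled in by other dependencies are reported with their install path.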