ua-parser-js
Safeguard articles tagged "ua-parser-js" — guides, analysis, and best practices for software supply chain and application security.
6 articles
Lessons from the ua-parser-js Compromise: Four Hours, Eight Million Downloads a Week
A hijacked npm account turned a tiny User-Agent parser into a cryptominer and password stealer for a few hours in 2021. Here is what account takeover does at ecosystem scale.
ua-parser-js npm hijack incident
In 2021, a hijacked npm account pushed cryptomining and password-stealing malware into ua-parser-js for 4 hours. Here's what happened and how to catch it faster.
UA-Parser-JS October 2021: A Deep Dive on the Attack
The ua-parser-js compromise of October 2021 paired credential theft with cryptominer and password stealer payloads. A close look at what happened and why.
UAParser.js npm package compromise
A deep dive into the 2021 ua-parser-js npm compromise: how a hijacked maintainer account delivered cryptominers and credential stealers to millions.
The ua-parser-js npm Hijack of October 2021
An npm package with 8 million weekly downloads shipped a cryptominer and credential stealer for four hours. Here is the exact sequence of events.
npm Package ua-parser-js Compromised: 8 Million Weekly Downloads Weaponized
Attackers hijacked the ua-parser-js npm package account and published malicious versions containing cryptominers and password stealers. The package gets 8 million downloads per week.