A recent discovery revealed how official documentation can become an unexpected attack vector for supply chain attacks. It happened when an npm package called “rtn-centered-text” exploited an example from React Native’s Fabric Native Components guide in an attempt to trick developers into downloading their package, putting systems at risk.
Malicious NPM Package Exploits React Native Documentation Example
Submitted 3 weeks ago by Joker@sh.itjust.works to cybersecurity@infosec.pub
https://checkmarx.com/blog/malicious-npm-package-exploits-react-native-documentation-example/