Npm ecosystem vulnerable to new manifest confusion attack :

Package manifests in the npm registry are not validated against metadata files in the package itself, leaving the door open for attackers.

Related Keywords

China , Chinese , Darcy Clarke , , Node Package Manager , Redhunt Labs , Side Enforcement ,