reactjs - I accidentally did an npm install on reacct-dom instead of react-dom. What should I do? - Stack Overflow

I tried running the command

npm install react react-dom

But I ended up typing

npm install react reacct-dom

When I was getting errors, I went back and sure enough found my mistake. I promptly deleted the packages using:

npm un react reacct-dom

But I am worried I might have downloaded something malicious that is persistent. What should I do to be sure?

When I looked up npm reacct-dom I found this website:

https://www.npmjs/~arch.lin?activeTab=packages

Upon looking at this guy's packages he has many that are typos of reacct-dom.

Again I uninstalled the package using npm un react reacct-dom. I don't know if I could still be in danger of malware.

asked Feb 16 at 0:48 by BrendonsDad; edited Feb 16 at 13:49 by marc_s

  • Well, you can open the "Code" tab of the package you accidentally downloaded, check what's inside, and check its package.json file to see what else was downloaded as subdependencies. I checked a few of the packages from this user and all of them were empty, without any code or any subdependencies. – Sergey Sosunov Commented Feb 16 at 1:03

2 Answers

No, you are not in any danger of being hacked. Looking at the Code tab, you can see there are no js files or any other executables for that matter.

No files are suspiciously large, another good sign. And none of the files seem to contain anything malicious.

If you want to be extra sure nothing is on your system, run npm cache clean --force to clear all files cached by npm.

While reacct-dom does not currently have malicious code, the fact that such a package was published just to exploit a potential typo is suspicious and is usually called a typosquatting attack.

You can use vet to inspect a single package before installing. We do have plans to hook into npm or similar package manager workflow to do this automatically.

Full Disclosure: Developer of vet here.
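
The manual check described in the comment and answers above (package.json, subdependencies, code files, lookalike name), written out as an added example; it is not part of the original posts and is not code from npm or vet. The function names, the edit-distance threshold of 2 and both sample manifests are assumptions constructed for illustration.

```javascript
// Added example. Sample manifests at the bottom are constructed, not real registry data.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"]; // run by npm on install
const CODE_FILE = /\.(c?js|mjs|node|sh|exe|dll|so)$/i;

// Levenshtein edit distance (single-row dynamic programming).
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let prev = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(row[j] + 1, row[j - 1] + 1, prev + cost);
      prev = tmp;
    }
  }
  return row[b.length];
}

// manifest: parsed package.json; files: paths inside the package;
// intendedNames: packages you actually meant to depend on.
function triagePackage(manifest, files, intendedNames) {
  const scripts = manifest.scripts || {};
  const installHooks = INSTALL_HOOKS.filter((h) => typeof scripts[h] === "string");
  // With a binding.gyp and no install/preinstall script, npm defaults to `node-gyp rebuild`.
  const implicitBuild = files.includes("binding.gyp") && !scripts.install && !scripts.preinstall;
  const lookalikeOf = intendedNames.filter((n) => {
    const d = editDistance(manifest.name, n);
    return d > 0 && d <= 2; // close to, but not equal to, an intended name
  });
  const deps = { ...manifest.dependencies, ...manifest.optionalDependencies };
  return {
    lookalikeOf, installHooks, implicitBuild,
    dependencies: Object.keys(deps),
    codeFiles: files.filter((f) => CODE_FILE.test(f)),
    runsCodeOnInstall: installHooks.length > 0 || implicitBuild,
  };
}

// Constructed sample 1: an empty placeholder, as the answers describe reacct-dom.
const emptyPkg = triagePackage(
  { name: "reacct-dom", version: "0.0.0" }, ["package.json", "README.md"], ["react", "react-dom"]);
// Constructed sample 2: hypothetical package with an install hook and a dependency.
const hookedPkg = triagePackage(
  { name: "constructed-example", scripts: { postinstall: "node setup.js" },
    dependencies: { "placeholder-dep": "1.0.0" } },
  ["package.json", "setup.js"], ["react", "react-dom"]);
console.log(JSON.stringify({ emptyPkg, hookedPkg }, null, 2));
```

When runsCodeOnInstall is true, the hook already ran during npm install and npm un does not undo whatever it did. Installing with npm install --ignore-scripts keeps lifecycle hooks from running in the first place.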
