Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security alert! Bootloader Flashy may use infected npm package "rc" #261

Closed
rsta2 opened this issue Nov 9, 2021 · 2 comments
Closed

Security alert! Bootloader Flashy may use infected npm package "rc" #261

rsta2 opened this issue Nov 9, 2021 · 2 comments

Comments

@rsta2
Copy link
Owner

rsta2 commented Nov 9, 2021

According to the references below, the npm package rc had versions published with malicious code. This package is installed, when npm install is executed in the directory tools/flashy. Please see the references for more info!

You should not install and use Flashy any more on your system and remove the setting USEFLASHY=1 from your Config.mk. The standard bootloader is used then, which is based on Python and is not infected.
@rsta2
Copy link
Owner Author

rsta2 commented Nov 20, 2021

The rc package in the npm package repository should be clean again, so using and installing Flashy is possible again. But you should be careful, because it's not clear, if this may happen again.

@rsta2
Copy link
Owner Author

rsta2 commented Dec 6, 2021

I think, everything is told about this incident, as far this project is touched by it.

@rsta2 rsta2 closed this as completed Dec 6, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@rsta2