Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages

organizations that rely on open-source interpreted programming languages for different internal and external applications. Attackers can infiltrate well-defended organization by simply subverting the software supply chain of registries. For example, eslint-scope 4, a package with millions of weekly downloads in Npm, was compromised to steal credentials from developers. Similarly, rest-client These attacks demonstrate how miscreants can covertly gain access to a wide-range of organizations by carrying out a software supply chain attack.