I am fixing 4 moderate severity vulnerabilities on vite js / plugin react ., is that connect with the the post above
Discussion
Nope. post above is about Rust crates, but there have been a huge number of similar attacks on npm packages recently too.
Pretty scary attack actually
https://www.paloaltonetworks.com/blog/cloud-security/npm-supply-chain-attack/
NPM
Package mostly installed from
Git hub repo , and sometimes they show you , like 4 moderate vulnerabilities until 3 severe vulnerability for example … always be cautions and careful to download . Sometimes there is so much version deprecated ⚠️