2025-08-28 05:45:57 UTC

emino on Nostr: A popular NPM package got compromised, attackers updated it to run a post-install ...

A popular NPM package got compromised; attackers updated it to run a post-install script that steals secrets.

But the script is a *prompt* run by the user's installation of Claude Code. This avoids it being detected by tools that analyze code for malware.

From @zacl_overflow on X
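A defender-side check for the pattern described in the post, as an added example that is not part of the original post or any project's code: it flags npm install-time lifecycle hooks that launch an AI agent CLI, either directly or through a script file the hook runs. The function names, the `AGENT_CLIS` list and the sample packages are assumptions constructed for illustration.

```javascript
// npm lifecycle hooks that run automatically during `npm install`.
const LIFECYCLE_HOOKS = ["preinstall", "install", "postinstall", "prepare"];
// Assumption: agent CLI binary names to flag; extend for your environment.
const AGENT_CLIS = ["claude"];
// Match the binary as a whole word: bare, path-qualified, or as a quoted
// spawn() argument, but not as part of a longer name such as "claude-helper".
const AGENT_RE = new RegExp(`(^|[^\\w.-])(${AGENT_CLIS.join("|")})(?![\\w.-])`);

// Script files a hook command hands to an interpreter, e.g. "node scripts/setup.js".
function referencedFiles(cmdline) {
  const files = [];
  for (const cmd of cmdline.split(/&&|\|\||[;|&]/)) {
    for (const word of cmd.trim().split(/\s+/)) {
      if (/\.(c?js|mjs|sh)$/.test(word)) files.push(word.replace(/^\.\//, ""));
    }
  }
  return files;
}

// pkg: { name, scripts, files }, where files maps relative path -> source text.
function findAgentHooks(pkg) {
  const findings = [];
  for (const hook of LIFECYCLE_HOOKS) {
    const cmd = (pkg.scripts || {})[hook];
    if (!cmd) continue;
    if (AGENT_RE.test(cmd)) findings.push({ pkg: pkg.name, hook, where: "package.json" });
    for (const file of referencedFiles(cmd)) {
      const src = (pkg.files || {})[file];
      if (src !== undefined && AGENT_RE.test(src)) {
        findings.push({ pkg: pkg.name, hook, where: file });
      }
    }
  }
  return findings;
}

// Constructed sample packages (not real packages or real payloads).
const SAMPLE = [
  { name: "example-direct", scripts: { postinstall: 'claude "<constructed prompt>"' } },
  { name: "example-indirect", scripts: { postinstall: "node ./scripts/setup.js" },
    files: { "scripts/setup.js": 'require("child_process").spawn("claude", [PROMPT]);' } },
  { name: "claude-helper", scripts: { postinstall: "node build.js", test: "claude" },
    files: { "build.js": "console.log('claude-helper built');" } },
];

function scanAll(pkgs) {
  return pkgs.flatMap(findAgentHooks);
}
console.log(scanAll(SAMPLE));
```

A match is a triage signal, not a verdict: the check only follows one level of file reference and does not see commands assembled at runtime.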