Case Study: The ua-parser-js Compromise

publishing.

In October 2021, ua-parser-js, an npm library with tens of millions of weekly downloads, was briefly hijacked when its maintainer's npm account was compromised. Malicious versions were published and pulled by countless builds before the bad releases were removed.

What happened

Why it spread so fast

What defenders learn

How Verifi shortens the window →