Obfuscated code suddenly appearing in next.config.js / postcss.config.js without direct file changes #188732
Unanswered
robellorin asked this question in Code Security
Replies: 1 comment
Hi @robellorin, The same thing is happening to me and my team. We haven’t been able to find the cause, but it appears to be using a force push to rewrite the commit history. If you find any solution, please let us know.
Select Topic Area
General
Body
Hi everyone,
I recently noticed something strange in a few private repositories I worked on. Around November 15, heavily obfuscated JavaScript code suddenly appeared in configuration files like next.config.js and postcss.config.js.
The unusual part is that the commits where these files appeared do not clearly show intentional changes to those files. In some cases, the code shows up in a later PR even though the file wasn’t modified in the previous commit. This also happened across multiple repositories and even under commits from different developers.
The injected code looks like an obfuscated loader that decodes and executes hidden payloads, which made me concerned it might be malicious or the result of some automated injection (possibly from a dependency or build process).
Has anyone seen something similar before or knows what might cause this behavior?
next.config.js
postcss.config.js
Thanks.
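A triage check for the symptom described in this post, added here as an example; it is not part of the original post or any reply. It flags config file contents that carry common traits of obfuscated loaders. The signal patterns, the 500-character line threshold and both sample inputs are assumptions constructed for illustration, not indicators taken from the affected repositories.

```javascript
// Added example: heuristic triage for build-config files. Patterns and the
// line-length threshold are assumptions, not indicators taken from the thread.
const SIGNALS = [
  { id: 'dynamic-eval', re: /\beval\s*\(|\bnew\s+Function\s*\(/ },
  { id: 'runtime-decode', re: /\batob\s*\(|Buffer\.from\s*\([^)]*,\s*['"](?:base64|hex)['"]/ },
  { id: 'hex-identifiers', re: /\b_0x[0-9a-f]{3,}\b/i },
  { id: 'process-or-network', re: /require\s*\(\s*['"](?:child_process|https?|net)['"]\s*\)/ },
];

// Returns the signals found in one file's text. The text is only pattern-matched, never executed.
function inspectConfig(name, text, maxLineLength = 500) {
  const findings = [];
  const longest = text.split(/\r?\n/).reduce((m, l) => Math.max(m, l.length), 0);
  if (longest > maxLineLength) findings.push('long-line');
  for (const { id, re } of SIGNALS) {
    if (re.test(text)) findings.push(id);
  }
  return { name, longestLine: longest, suspicious: findings.length > 0, findings };
}

// files: object mapping path -> file contents, e.g. read from a checkout of each branch.
function triage(files) {
  return Object.entries(files)
    .map(([name, text]) => inspectConfig(name, text))
    .filter((r) => r.suspicious);
}

// Constructed sample of an ordinary config file.
const cleanSample = [
  "/** @type {import('next').NextConfig} */",
  'const nextConfig = { reactStrictMode: true };',
  'module.exports = nextConfig;',
].join('\n');

// Constructed, inert stand-in for a config with one long obfuscated line appended.
const tamperedSample = cleanSample + '\n' +
  'var _0x3fa1=["' + 'QUJD'.repeat(200) + '"];eval(atob(_0x3fa1[0]));';

const report = triage({ 'next.config.js': cleanSample, 'postcss.config.js': tamperedSample });
for (const r of report) {
  console.log(`${r.name}: ${r.findings.join(', ')} (longest line ${r.longestLine})`);
}
```

A hit is a reason to diff the file against a known-good commit, not proof of compromise.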