Developer Tools

Slidev Resolver Vulnerability: When Themes Become Trojan Horses

A medium-to-high severity vulnerability was discovered and patched in Slidev's resolver module, where dynamically loaded theme and plugin packages specified in slide frontmatter lacked proper validation, allowing a malicious package name to execute arbitrary code with the developer's full OS privileges. This fix addresses a supply-chain-adjacent attack vector that could allow attackers to exfiltrate credentials or compromise developer machines simply by sharing a crafted markdown presentation fi