InfoWorld

Beyond NPM: What you need to know about JSR

Here's how the JavaScript Registry evolves makes building, sharing, and using JavaScript packages simpler and more secure ...
Hosted on MSN

Dev snared in crypto phishing net, 18 npm packages compromised

Crims have added backdoors to at least 18 npm packages after developer Josh Junon inadvertently authorized a reset of the two-factor authentication protecting his npm account.… The malware targets ...
Bleeping Computer

Infostealer campaign compromises 10 npm packages, targets devs

Ten npm packages were suddenly updated with malicious code yesterday to steal environment variables and other sensitive data from developers' systems. The campaign targeted multiple ...
Threat Post

Dev Sabotages Popular NPM Package to Protest Russian Invasion

In the latest software supply-chain attack, the code maintainer added malicious code to the hugely popular node-ipc library to replace files with a heart emoji and a peacenotwar module. The developer ...
CSOonline

Hackers drop 60 npm bombs in less than two weeks to recon dev machines

Threat actors have likely made off with sensitive host and network information from developers’ systems in a coordinated malware campaign, involving 60 malicious npm packages, that were live for just ...