News

AI Code Hallucinations Increase the Risk of ‘Package Confusion’ Attacks
A new study found that code generated by AI is more likely to contain made-up information that can be used to trick software ...
CSO Online13d
Hackers booby trap NPM with cross-language imposter packages
Developers adept at multiple coding languages are tricked into installing a familiar-sounding package from within the Node ...
SD Times5y
GitHub acquires JavaScript package manager provider npm
GitHub has announced plans to acquire npm. Npm is the company behind the Node package manager for the programming language JavaScript, the npm Registry and npm CLI. “npm is a critical part of ...
Computing3y
Researchers warn of malicious typosquatting packages making their way into open source repositories
In a blog post detailing their findings, Sonatype researcher Ax Sharma said they had discovered 130 typosquatting packages on the JavaScript package manager npm and a dozen malicious packages on ...