An NPM supply-chain attack dating back to December 2021 used dozens of malicious NPM modules containing obfuscated Javascript code to compromise hundreds of downstream desktop apps and websites.

Node-ipc is a nodejs module for local and remote inter process communication with over 4 million monthly downloads on the npm repository. It is a dependency for over 350 other npm components ...

At the center of it all is npm, Inc., the Oakland startup behind the largest registry and repository of JavaScript tools and modules. Isaac Schlueter, npm's creator, said that the way the whole ...

Period. That's easier said than done. Node-ipc is present in many programs. This nodejs module is used for local and remote InterProcess Communication (IPC) on Linux, Mac, and Windows systems.

The JavaScript (npm) package that got compromised is called eslint-scope, a sub-module of the more famous ESLint, a JavaScript code analysis toolkit. Hacker gained access to a developer's npm ...