When a developer 'unpublished' his work from the NPM JavaScript package registry, it broke dependencies for many other projects -- and highlighted the fragility of the open source ecosystem ...

Despite being just two lines of code that perform a basic check, the is-promise library is one of today's most popular JavaScript npm packages (libraries). According to GitHub, the library is part ...

The Node Package Manager, NPM, has become a powerful and important tool, supporting many different JavaScript frameworks — including JQuery, AngularJS, and React JS. If you’re building ...

The JavaScript (npm) package that got compromised is called eslint-scope, a sub-module of the more famous ESLint, a JavaScript code analysis toolkit. Hacker gained access to a developer's npm ...

On August 1, npm Inc. — the company that runs the biggest JavaScript package repository — removed 38 JavaScript npm packages that were caught stealing environment variables from infected projects.

Facebook has launched Yarn, an open source JavaScript package manager that promises faster and more reliable installs than the massively popular npm. The company says its new creation is capable ...

Developers who use NPM, the popular JavaScript package manager, will now be able to connect their Twitter and GitHub accounts to the software as a recovery method. The move was announced Tuesday ...