News

Destructive malware available in NPM repo went unnoticed for 2 years
Researchers have found malicious software that received more than 6,000 downloads from the NPM repository over a two-year ...
Dozens of malicious packages on NPM collect host and network data
NPM index that attempt to collect sensitive host and network data and send it to a Discord webhook controlled by the threat ...
CSO Online8d
Hackers drop 60 npm bombs in less than two weeks to recon dev machines
All malicious npm packages carried identical payloads for snooping sensitive network information from developers’ systems.
The Hacker News9d
Over 70 Malicious npm and VS Code Packages Found Stealing Data and Crypto
VS Code extensions deployed sandbox-evasive malware to steal system data, developer credentials, and crypto wallets.
Windows Report12d
Malicious NPM packages are stealing data and damaging systems
Security experts at Socket’s Threat Research team, have discovered a campaign in the NPM ecosystem, which includes Malicious ...
DataBreachToday11d
Reconnaissance Campaign Active on NPM Repository
A hacking campaign is spreading malicious reconnaissance scripts already downloaded more than 3,000 times from the JavaScript ...
InfoWorld8y
Vue.js JavaScript framework revs up rendering
Vue.js, which has been positioned as a rival to Facebook ... all have TypeScript typings shipped in npm packages. The Vue team has provided a migration guide and a CLI migration helper.
ZDNet5y
Another one-line npm package breaks the JavaScript ecosystem
Despite being just two lines of code that perform a basic check, the is-promise library is one of today's most popular JavaScript npm packages (libraries). According to GitHub, the library is part ...
ZDNet5y
Microsoft buys JavaScript developer platform npm; plans to integrate it with GitHub
Microsoft plans to integrate GitHub with npm with the intent of making the combined community even more appealing to JavaScript developers. npm, in addition to offering the Node package manager ...