On August 1, npm Inc. — the company that runs the biggest JavaScript package repository — removed 38 JavaScript npm packages that were caught stealing environment variables from infected projects.
Security researchers from Socket have stumbled upon a digital booby trap set for Russian-language users within JavaScript packages. The researchers found two npm packages – with the rather innocuous ...
The maintainer for several highly popular npm debug and chalk packages has revealed he was recently the victim of a phishing attack, which led to the compromise of all 18 packages. “Yep, I’ve been ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback