The Node Package Manager (npm) team avoided a disaster today when it discovered and blocked the distribution of a cleverly hidden backdoor mechanism inside a popular —albeit deprecated— JavaScript ...

A recent surge in malicious activity involving North Korean-linked threat groups has been identified by cybersecurity researchers, revealing a coordinated campaign targeting the npm ecosystem. The ...

On February 22, JFrog cybersecurity researchers Andrey Polkovnychenko and Shachar Menashe said that 25 malicious Node Package Manager (npm) packages had recently been detected by the firm's scanners, ...

Security researchers have discovered yet another supply chain attack campaign using malicious npm packages, this time targeting Discord users. Kaspersky said it identified four suspicious packages in ...

The lurking code-bombs lift Discord tokens from users of any applications that pulled the packages into their code bases. A series of malicious packages in the Node.js package manager (npm) code ...

Popular configuration packages for integrating Prettier with ESLint, the widely used code formatting tools within JavaScript and TypeScript projects, were hijacked after a maintainer fell victim to a ...

Four JavaScript npm packages contained malicious code that collected user details and uploaded the information to a public GitHub page. According to Sonatype security researcher Ax Sharma, the four ...

A new group of maintainers is proceeding with an ‘official’ version of the Faker JavaScript library after the previous maintainer went rogue. In the wake of a recent incident that wreaked havoc on the ...

Workspaces support in the NPM CLI allow you to manage multiple packages from within a single top-level root package NPM 7.0.0, an upgrade to the JavaScript package manager, is due to be released with ...