North Korean hackers intensify their efforts against blockchain and Web3 developers, using nearly 200 malicious npm packages ...
The second Shai-Hulud attack last week exposed around 400,000 raw secrets after infecting hundreds of packages in the NPM ...
The popular npm package "is" was infected with cross-platform malware, around the same time that linting utility packages used with the prettier code formatter were infected with Windows-only malware.
A spate of supply chain attacks forces GitHub’s npm to revoke ‘classic’ tokens. Despite this, larger worries about developer ...
Three JavaScript packages have been removed from the npm portal on Thursday for containing malicious code. According to advisories from the npm security team, the three JavaScript libraries opened ...
New malicious NPM packages have been discovered that install the njRAT remote access trojan that allows hackers to gain control over a computer. NPM is a JavaScript package manager that allows ...
PostHog says the Shai-Hulud 2.0 npm worm compromise was "the largest and most impactful security incident" it's ever experienced after attackers slipped malicious releases into its JavaScript SDKs and ...
Researchers continue to investigate a wave of malicious npm packages, with the published tally now reaching over 700. Last week, JFrog researchers disclosed the scheme in which an unknown threat actor ...
Researchers found malicious packages on the npm registry that, when installed, inject malicious code into legitimate npm packages already residing on developers’ machines. Attackers who target ...
A significant percentage of the 50,000 most-downloaded npm packages are deprecated or have a deprecated dependency but provide no warning. Security researchers warn that many npm packages are being ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback