UTC, Aikido Security detected an unusual pattern across the npm registry: dozens of packages from multiple organizations were ...

The Glassworm campaign has compromised over 151 GitHub repositories and npm packages using invisible Unicode payloads that ...

Node Package Manager (NPM) is installed on your Windows computer once you install Node.js. It is a package manager for modules of Node.js, and it’s ready to run on your Windows PC. In this article, we ...

In a surprising move, the popular open source project, SheetJS aka "xlsx," has dropped support for the npm registry. Downloaded about 1.4 million times weekly on npm, SheetJS is relied upon by NodeJS ...

Threat actors have been observed uploading over 15,000 spam packages to the npm open-source JavaScript repository from multiple user accounts within hours. The claims come from JavaScript developer ...

Three popular npm packages, @rspack/core, @rspack/cli, and Vant, were compromised through stolen npm account tokens, allowing threat actors to publish malicious versions that installed cryptominers.

GlassWorm campaign used 72 malicious Open VSX extensions and infected 151 GitHub repositories, enabling stealth supply-chain ...

Ethereum smart contracts used to hide URL to secondary malware payloads in an attack chain triggered by a malicious GitHub repo. Attackers behind a recent supply chain attack that involved rogue ...