In what is now considered the largest npm supply-chain compromise in history, attackers hijacked 18 widely used npm packages — including chalk, debug, ansi-styles, and strip-ansi — with a staggeringRead More →
Cybersecurity specialists report the detection of a set of malicious packages in Node.js package manager repository (npm) designed to collect Discord tokens and eventually take control of the affected accounts.Read More →
GitHub researchers announced the detection of two severe security flaws in NPM, the Node.js package manager. According to the report, one of these flaws could be exploited by threat actorsRead More →
The developers of Sonatype, an automated malware detection system, report the finding of a set of malicious packages in the npm registry; According to the report, these malicious payloads areRead More →
Nothing is safe these days, not even Node’s npm.The Node.js Package Manager (or just npm) allows the author of a malicious package to infect other packages and propagate malicious scriptsRead More →
