TechJuice

Massive npm Supply-Chain Attack: Shai-Hulud Worm Infects Over 180 Packages

A new self-replicating worm dubbed Shai-Hulud has compromised over 180 npm packages, stealing credentials and spreading ...

Socket will block it with free malicious package firewall

Socket Firewall Free builds upon the company's safe npm tool by extending scanning capabilities beyond the ...
The Register on MSN

Self-propagating worm fuels latest npm supply chain compromise

Intrusions bear the same hallmarks as recent Nx mess The npm platform is the target of another supply chain attack, with crims already compromising 187 packages and counting.… According to Charlie ...

Ledger CTO warns of shocking NPM attacks by crypto hackers

Charles Guillemet, CTO at the crypto wallet platform Ledger, warned the crypto community to be cautious while executing ...
Business Wire

npm, Inc. Releases npm@6 Package Manager with Powerful, Built-In Security Protections

OAKLAND, Calif.--(BUSINESS WIRE)--npm, Inc., which runs the world’s largest software registry and maintains the `npm` software package management application, today announced npm@6, a major update to ...

Unofficial Postmark MCP npm silently stole users' emails

A npm package copying the official 'postmark-mcp' project on GitHub turned bad with the latest update that added a single ...
ZDNet

npm bans terminal ads

After last week a popular JavaScript library started showing full-blown ads in the npm command-line interface, npm, Inc., the company that runs the npm tool and website, has taken a stance and plans ...
Redmond Magazine

GitHub Buying JavaScript Company npm Inc.

GitHub, part of Microsoft, announced on Monday that it's agreed to acquire open source JavaScript solutions company npm Inc. Financial terms of the deal weren't described. Nat Friedman, GitHub's CEO, ...