News
Qix is an open source maintainer account that was compromised by a phishing attack. This allowed attackers to infect 18 popular npm packages with malicious code. Together, these packages are ...
An attack targeting the Node.js ecosystem was just identified — but not before it compromised 18 npm packages that account ...
Are you a developer who uses npm as the package manager for your JavaScript or Node.js code? If so, do not -- I repeat do not -- upgrade to npm 5.7.0. Nothing good can come of it. As one user reported ...
A cryptocurrency thief got into the npm account of a hard-working developer via spearphishing. node.js packages with billions ...
According to ReversingLabs' 2025 Software Supply Chain Security Report, 14 of the 23 crypto-related malicious campaigns in ...
A new digital supply chain attack has targeted popular open-source npm packages with at least two billion downloads per week. On Sept. 8, Josh Junon, a package maintainer whose account was at the ...
In a supply chain attack, attackers injected malware into NPM packages with over 2.6 billion weekly downloads after ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback