IT News For Australia Business

'Protestware' npm package dependency labelled supply-chain attack

Russia's invasion of Ukraine has spilt over into developer-space, with a well-known npm maintainer adding "protestware" as a dependency to a very popular package. Security vendor Snyk is tracking what ...
InfoWorld

How one yanked JavaScript package wreaked havoc

When a developer 'unpublished' his work from the NPM JavaScript package registry, it broke dependencies for many other projects -- and highlighted the fragility of the open source ecosystem Developers ...
adtmag.com

New in Node.js: Certified Modules, Free Orgs Collaboration Tool

New developments in the popular Node.js ecosystem include curated Certified Modules from NodeSource and a free version of the Orgs collaboration tool from npm Inc. Node.js is an open source, ...
Bleeping Computer

Compromised JavaScript Package Caught Stealing npm Credentials

A hacker has gained access to a developer's npm account and injected malicious code into a popular JavaScript library, code that was designed to steal the npm credentials of users who utilize the ...
Infosecurity-magazine.com

#Infosec17 Dangers and Dependencies of Open Source Modules Detailed

Open source modules can contain major security problems, and are often relied upon by thousands of dependents. Speaking on the subject ‘Node.js – Could a few lines of code “F” it all up’ in the ...
Ars Technica

Best nodejs REPL replacement module?

I've been slowly teaching myself nodejs and have gotten to the point where I've noticed some problems with the default REPL. Thing is, searching 'repl' on npmjs.com, returns 883 results. Googling for ...