A routine scan of the NPM open source code repository in April turned up several packages using a JavaScript obfuscator to hide their true function. After further investigation, analysts with ...

When a developer 'unpublished' his work from the NPM JavaScript package registry, it broke dependencies for many other projects -- and highlighted the fragility of the open source ecosystem Developers ...

Russia's invasion of Ukraine has spilt over into developer-space, with a well-known npm maintainer adding "protestware" as a dependency to a very popular package. Security vendor Snyk is tracking what ...

A hacker has gained access to a developer's npm account and injected malicious code into a popular JavaScript library, code that was designed to steal the npm credentials of users who utilize the ...

An NPM supply-chain attack dating back to December 2021 used dozens of malicious NPM modules containing obfuscated Javascript code to compromise hundreds of downstream desktop apps and websites. As ...

The node-ipc developer attempt to protest Russia's attack on Ukraine has the unintended consequence of casting more doubt in software supply chain integrity. The developer of a popular JavaScript ...

Open source modules can contain major security problems, and are often relied upon by thousands of dependents. Speaking on the subject ‘Node.js – Could a few lines of code “F” it all up’ in the ...