News
Researchers at Socket, a cybersecurity firm specializing in protection against supply chain attacks, and crypto security specialist Scam Sniffer both sounded alarms today, warning that the popular ...
Dozens of npm libraries, including a color library with over 2 million downloads a week, have been replaced with novel ...
"Each published package becomes a new distribution vector: as soon as someone installs it, the worm executes, replicates, and ...
A new piece of malware is spreading through the popular tinycolor NPM library and more than 300 other packages, some of which ...
Reports surfaced that the widely used npm package @ctrl/tinycolor had been compromised by wormable malware as part of a ...
Qix is an open source maintainer account that was compromised by a phishing attack. This allowed attackers to infect 18 popular npm packages with malicious code. Together, these packages are ...
What could have been a historic supply chain attack seems to have been averted due to the rapid response of the open source ...
Hulud" has compromised hundreds of packages in the npm repository with a self-replicating worm that steals secrets like API keys, tokens, and cloud credentials and sends them to external servers that ...
In a supply chain attack, attackers injected malware into NPM packages with over 2.6 billion weekly downloads after ...
Even with competition from newer runtimes Deno and Bun, Node.js remains the flagship JavaScript platform on the server. Server-side Node frameworks like Express, build-chain tools like Webpack, and a ...