Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in ...
A routine scan of the NPM open source code repository in April turned up several packages using a JavaScript obfuscator to hide their true function. After further investigation, analysts with ...
Charlie Eriksen, a researcher at Aikido, identified the infected libraries and confirmed each detection manually to minimize ...
Russia's invasion of Ukraine has spilt over into developer-space, with a well-known npm maintainer adding "protestware" as a dependency to a very popular package. Security vendor Snyk is tracking what ...
OAKLAND, CA--(Marketwired - Apr 14, 2015) - npm, Inc., the most widely used package manager for JavaScript, announced today that it has raised $8 million for a series A round of funding. The series ...
Regtech firm SlowMist noted that recently, the NPM ecosystem experienced another large-scale package poisoning incident.
The node-ipc developer attempt to protest Russia's attack on Ukraine has the unintended consequence of casting more doubt in software supply chain integrity. The developer of a popular JavaScript ...
NodeSource’s Certified Modules service, intended to ensure the safety of NPM modules, becomes generally available on Thursday. Previously available only in a private beta stage, the service for ...
A hugely popular open source Javascript npm module had malicious code injected after the original developer handed it over to another unknown person to maintain. New Zealander Dominic Tarr maintained ...
Most JavaScript developers are familiar with the npm package manager, which was originally developed by Isaac Schlueter. What many probably don’t know is that npm is also a company co-founded by ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback