Bleeping Computer

Malware found in NPM packages with 1 million weekly downloads

These packages are very popular, with approximately 1,020,000 weekly downloads, making this a massive supply chain attack that could have widespread consequences. The malicious code is heavily ...

How to stay safe if you’re using MetaMask, Phantom, Trust or any crypto wallet from NPM attack

Note: If you’re using MetaMask, Phantom, Trust Wallet, or any crypto app, the advice is simple, take your time, check every ...
Bleeping Computer

NPM supply-chain attack impacts hundreds of websites and apps

An NPM supply-chain attack dating back to December 2021 used dozens of malicious NPM modules containing obfuscated Javascript code to compromise hundreds of downstream desktop apps and websites. As ...
CSOonline

Developer sabotages own npm module prompting open-source supply chain security questions

The node-ipc developer attempt to protest Russia's attack on Ukraine has the unintended consequence of casting more doubt in software supply chain integrity. The developer of a popular JavaScript ...
heise online

Remote access Trojan found in npm package with 40,000 weekly downloads

Compromised variants of the "rand-user-agent" package have surfaced on npm, which had a remote access Trojan on board. Although the random user agent is marked as obsolete, it is still downloaded a ...