Ars Technica

Hundreds of code libraries posted to NPM try to install malware on dev machines

An ongoing attack is uploading hundreds of malicious packages to the open source node package manager (NPM) repository in an attempt to infect the devices of developers who rely on code libraries ...
heise online

New NPM attack: Self-replicating malware infects dozens of packages

Various IT security companies are warning of new attacks on the npm ecosystem around node.js. Several dozen packages (at least 40, in one report as many as 150) are infected with malware that steals ...
CSOonline

New npm threats can erase production systems with a single request

Two malicious npm packages have been found posing as legitimate utilities to silently install backdoors for complete production wipeout. According to Socket research, the packages “express-api-sync” ...

Ledger CTO warns of shocking NPM attacks by crypto hackers

Charles Guillemet, CTO at the crypto wallet platform Ledger, warned the crypto community to be cautious while executing ...