Nuacht

InfoWorld9y

Node.js alert: Google engineer finds flaw in NPM scripts

Node.js developers, run NPM install at your own risk -- a self-replicating worm can easily spread through the ecosystem ...
Bleeping ComputerLíon na míonna: 2

Malware found in NPM packages with 1 million weekly downloads

A significant supply chain attack hit NPM after 15 popular Gluestack packages with over 950,000 weekly downloads were compromised to include malicious code that acts as a remote access trojan (RAT).
Threat Post3y

Dev Sabotages Popular NPM Package to Protest Russian Invasion

In the latest software supply-chain attack, the code maintainer added malicious code to the hugely popular node-ipc library to replace files with a heart emoji and a peacenotwar module.
CSOonlineLíon na míonna: 5

Malicious npm packages found to create a backdoor in legitimate code

Researchers found malicious packages on the npm registry that, when installed, inject malicious code into legitimate npm packages already residing on developers’ machines.
Ars Technica3y

NPM package with 3 million weekly downloads had a severe vulnerability ...

Popular NPM package "pac-resolver" has fixed a severe remote code execution (RCE) flaw. The pac-resolver package receives over 3 million weekly downloads, extending this vulnerability to Node.js ...