Security developer Snyk has published a free extension for Microsoft’s popular Visual Studio Code editor that finds vulnerabilities in NPM packages.

有名「npm」パッケージに仮想通貨を盗むコードが混入 ～「Visual Studio Code」拡張機能にも 本体には影響なし、“Visual Studio Marketplace”にも対策が ...

Microsoft said its Visual Studio Code 1.7 release overloaded the npmjs.org JavaScript package management service for Node.js, forcing a version rollback to 1.6.1.

Hundreds of code libraries posted to NPM try to install malware on dev machines These are not the the developer tools you think they are.