Cybernews

Hundreds of NPM packages compromised as ongoing supply chain attack snowballs out of control

Halud, is compromising hundreds of NPM packages, spreading self-replicating malware, exfiltrating data, and turning private ...
InfoWorld

Safety in Node.js: NodeSource to certify NPM modules

NodeSource’s Certified Modules service, intended to ensure the safety of NPM modules, becomes generally available on Thursday. Previously available only in a private beta stage, the service for ...
CSOonline

Developer sabotages own npm module prompting open-source supply chain security questions

The node-ipc developer attempt to protest Russia's attack on Ukraine has the unintended consequence of casting more doubt in software supply chain integrity. The developer of a popular JavaScript ...
Tweakers

Wat zijn npm-packages en waarom richten hackers zich erop?

Voor de tweede keer in korte tijd hebben aanvallers malware verspreid via npm-packages. Wat is npm eigenlijk en waarom hebben ...
The Register on MSN

Self-propagating worm fuels latest npm supply chain compromise

Intrusions bear the same hallmarks as recent Nx mess The npm platform is the target of another supply chain attack, with ...
IT News For Australia Business

Phishing attack nets enormous npm supply chain compromise

A successful phishing attack against a developer has resulted in one of the largest supply chain compromises to date, adding malicious code to JavaScript packages with around 2.7 billion weekly ...