Everything there is to find on tag: npm.
AI hallucinates in 28 percent of dependency upgrades
AI that recommends dependency upgrades without checking actual sources creates a dangerous situation. New res...
Tag: npm
Timeline
Microsoft gives guidance on Shai-Hulud 2.0 supply chain attack
The return of the Shai-Hulud supply chain attack was dubbed 'The Second Coming' shortly after the first warni...
Shai-Hulud 2.0’s impact appears vast as NPM ecosystem struggles to cope
The NPM ecosystem is once again facing a serious supply chain attack. While the previous Shai-Hulud infection...
NPM hit again by Shai-Hulud worm attack
A large-scale cyberattack has once again hit the NPM ecosystem. Following the first Shai-Hulud worm in Septem...
Supply chain hack affects billions of npm downloads
On September 8, several popular npm packages were compromised after a successful phishing attack on a maintai...
Malicious NPM packages deceive WhatsApp developers
Researchers at Socket have discovered two malicious NPM packages that pose as legitimate WhatsApp development...
Open-source malware surges 188 percent, targeting developers
Sonatype discovered 16,279 malicious open-source packages in Q2 2025, marking a 188 percent increase from the...
GitHub proposal for Sigstore adoption faces backlash from developers
Developers object to GitHub's suggestion to use Sigstore to enhance network security by connecting npm packa...
17 malicious packages found in Node.js Package Manager (NPM)
Another 17 malicious packages have been discovered in an open-source repository by researchers. In recent tim...
Security warnings in ‘npm audit’ are distracting developers
Dan Abramov, a software engineer at Facebook published a plea last week to fix a particularly problematic Jav...