Everything there is to find on tag: npm.
Malicious code found in Red Hat’s npm packages
Security researchers have discovered malicious code in dozens of npm packages published under Red Hat’s nam...
Tag: npm
Timeline
Microsoft discovers new npm attack in 14 packages
Microsoft has discovered a new supply chain attack in which an attacker published fourteen malicious npm pack...
Aikido Endpoint offers developers additional protection against supply chain attacks
Aikido Security is launching Aikido Endpoint, a lightweight agent designed to protect developers’ endpoints...
Axios supply chain attack victim posts postmortem to prevent a repeat
Another supply chain security threat emerged this week with the compromise of Axios. It is a popular JavaScri...
North Korea behind social engineering attack on Axios project
The maintainer of the popular npm package Axios has revealed how attackers were able to take over his account...
Axios npm package compromised, posing a new supply chain threat
Two versions of the widely used JavaScript library axios were maliciously published on npm on March 31, 2026....
New npm browser npmx addresses shortcomings of npmjs
An initiative within the JavaScript community is attempting to offer an alternative to the way developers vie...
AI hallucinates in 28 percent of dependency upgrades
AI that recommends dependency upgrades without checking actual sources creates a dangerous situation. New res...
Microsoft gives guidance on Shai-Hulud 2.0 supply chain attack
The return of the Shai-Hulud supply chain attack was dubbed 'The Second Coming' shortly after the first warni...
Shai-Hulud 2.0’s impact appears vast as NPM ecosystem struggles to cope
The NPM ecosystem is once again facing a serious supply chain attack. While the previous Shai-Hulud infection...