Here you will find all the articles with the tag: npm.
Developers object to GitHub's suggestion to use Sigstore to enhance network security by connecting npm packages to their inputs. GitHub, which runs the npm package management system, is offering to incorporate new security features to npm because npm is regularly used by many JavaScript and Typ... Read more
2 years ago
Another 17 malicious packages have been discovered in an open-source repository by researchers. In recent times, it has become clearer that these repositories can, have been, and will continue to be used to spread malware. The malicious code was found in NPM, where 11 million developers trade mo... Read more
2 years ago
Dan Abramov, a software engineer at Facebook published a plea last week to fix a particularly problematic JavaScript security tool. Its creators agreed that it could be improved. In his blog post, Abramov said that ‘as of today, npm audit is a stain on the entire npm ecosystem.' He added that ... Read more
3 years ago
GitHub, part of Microsoft, is investing heavily in the open source software community. Recently, the startup and open source registry for JavaScript software packages npm was taken over. With the takeover, the well-known open-source community gets a software package regisrty with a total of 1.3 ... Read more
4 years ago
Microsoft has discovered a malicious npm package that steals data from Unix systems. The npm (Node Package Manager) security team for JavaScript has taken the malicious package off the air. The malicious package is called 1337qq-js and was uploaded to the npm repository on December 30th. The pac... Read more
4 years ago
