Everything there is to find on tag: npm.
NPM hit again by Shai-Hulud worm attack
A large-scale cyberattack has once again hit the NPM ecosystem. Following the first Shai-Hulud worm in Septem...
Tag: npm
Timeline
Supply chain hack affects billions of npm downloads
On September 8, several popular npm packages were compromised after a successful phishing attack on a maintai...
Malicious NPM packages deceive WhatsApp developers
Researchers at Socket have discovered two malicious NPM packages that pose as legitimate WhatsApp development...
Open-source malware surges 188 percent, targeting developers
Sonatype discovered 16,279 malicious open-source packages in Q2 2025, marking a 188 percent increase from the...
GitHub proposal for Sigstore adoption faces backlash from developers
Developers object to GitHub's suggestion to use Sigstore to enhance network security by connecting npm packa...
17 malicious packages found in Node.js Package Manager (NPM)
Another 17 malicious packages have been discovered in an open-source repository by researchers. In recent tim...
Security warnings in ‘npm audit’ are distracting developers
Dan Abramov, a software engineer at Facebook published a plea last week to fix a particularly problematic Jav...
GitHub buys open-source JavaScript registry npm
GitHub, part of Microsoft, is investing heavily in the open source software community. Recently, the startup ...
Microsoft discovers malicious npm package
Microsoft has discovered a malicious npm package that steals data from Unix systems. The npm (Node Package Ma...