News

The Register on MSN2d
Rampant emoji use suggests crypto-stealing NPM package was written by AI
Kodane code was either machine-generated or done by a teenager An NPM package packed with cryptocurrency-stealing malware ...
The Register on MSN11d
Not pretty, not Windows-only: npm phishing attack laces popular packages with malware
The "is" package was infected with cross-platform malware after a scam targeting maintainers The popular npm package "is" was ...
npm 'accidentally' removes Stylus package, breaks builds and pipelines
Stylus library and replaced them with a "security holding" page, breaking pipelines and builds worldwide that rely on the ...
The Hacker News3d
AI-Generated Malicious npm Package Drains Solana Funds from 1,500+ Before Takedown
In the npm ecosystem, postinstall scripts are often overlooked attack vectors—they run automatically after a package is ...
NPM package ‘is’ with 2.8M weekly downloads infected devs with malware
The popular NPM package 'is' has been compromised in a supply chain attack that injected backdoor malware, giving attackers ...
Supply-chain attacks on open source software are getting out of hand
It has been a busy week for supply-chain attacks targeting open source software available in public repositories, with ...
CSO Online11d
Supply chain attack compromises npm packages to spread backdoor malware
In a newly discovered supply chain attack, attackers last week targeted a range of npm-hosted JavaScript type testing ...
Npm package with millions of downloads is at risk from malware hijacking
Experts have warned that ‘is’, an npm package with more than 2.8 million weekly downloads, was also compromised in the same manner, and served malware for roughly six hours.
Business Insider6y
NPM Co-Founder and Chief Data Officer Laurie Voss Resigns - Business ...
NPM co-founder Isaac Schlueter, who was the CEO until he was replaced by Bryan Bogensberger, remains as the company's chief product officer. Visit Business Insider's homepage for more stories.