Bleeping Computer

Hackers breach Toptal GitHub account, publish malicious npm packages

Update 8/5/25: Added Toptal's statement at the end of the article, which says their investigation determined noone was impacted by this breach. Hackers compromised Toptal's GitHub organization account ...
InfoWorld

Inside NPM: Building and sharing JavaScript packages

The Node Package Manager, NPM, has become a powerful and important tool, supporting many different JavaScript frameworks — including JQuery, AngularJS, and React JS. If you’re building JavaScript ...
ZDNet

Hundreds more packages found in malicious npm 'factory'

Researchers continue to investigate a wave of malicious npm packages, with the published tally now reaching over 700. Last week, JFrog researchers disclosed the scheme in which an unknown threat actor ...
InfoWorld

TypeScript 3.9 slashes compile times for packages

TypeScript 3.9, the latest version of the popular typed superset of JavaScript from Microsoft, is now available as a production release. The upgrade graduated from a release candidate stage and cross ...
TechRadar

Dangerous npm packages are targeting developer credentials on Windows, Linux and Mac - here's what we know

Ten typosquatted npm packages delivered infostealing malware to nearly 10,000 systems Malware targeted system keyrings, bypassing app-level security to steal decrypted credentials Affected users must ...
ZDNet

Could TypeScript replace JavaScript? Use of programming language spin-off soars

There's now more evidence that Microsoft's language for scaled-up JavaScript, TypeScript, is becoming an essential for developers building for the internet. Developer analyst firm RedMonk last month ...