InfoWorld

Beyond NPM: What you need to know about JSR

Here's how the JavaScript Registry evolves makes building, sharing, and using JavaScript packages simpler and more secure ...
Threat Post

Thousands of Malicious npm Packages Threaten Web Apps

Attackers increasingly are using malicious JavaScript packages to steal data, engage in cryptojacking and unleash botnets, offering a wide supply-chain attack surface for threat actors. More than ...
Bleeping Computer

Blockchain dev's wallet emptied in "job interview" using npm package

A blockchain developer shares his ordeal over the holidays when he was approached on LinkedIn by a "recruiter" for a web development job. The recruiter in question asked the developer to download npm ...
Yahoo

North Korean hackers are using malicious npm packages to target developers

Add Yahoo as a preferred source to see more of our stories on Google. North Korean state-sponsored threat actors were observed pushing malicious packages into the npm registry, in an attempt to ...
Hosted on MSN

New NPM supply-chain attack compromises major ENS and crypto libraries

A major JavaScript supply-chain attack has compromised hundreds of software packages — including at least 10 used widely across the crypto ecosystem — according to new research from cybersecurity firm ...
Bleeping Computer

Malicious Rspack, Vant packages published using stolen NPM tokens

Three popular npm packages, @rspack/core, @rspack/cli, and Vant, were compromised through stolen npm account tokens, allowing threat actors to publish malicious versions that installed cryptominers.
InfoWorld

Deno adds support for private NPM registries

Deno Land has released Deno 1.44, the latest version of the JavaScript, TypeScript, and WebAssembly runtime rivaling Node.js. The upgrade adds support for private NPM registries, letting developers ...