Microsoft is to acquire Node Package Manager (npm) and integrate the technology with GitHub. The software giant believes integrating npm with GitHub will make the combined community even more ...
NPM developer qix's account compromise potentially puts user funds at risk by compromising library dependencies used by bitcoin wallets. A major NPM developer, qix, has had their account compromised.
Microsoft says latest attack targets Leo Platform and RStreams packages, harvesting creds and going after more maintainers ...
Pac-Resolver, a widely used NPM library, has received a patch to address a high-severity remote code execution (RCE) bug that could allow malicious actors to hijack a Node.js process via a corrupted ...
The NPM JavaScript registry has experienced a jump in malware, including packages related to data theft, crypto mining, botnets, and remote code execution, according to security company WhiteSource.
Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its own. Here's what you can do about it.
Microsoft-owned GitHub has announced it is buying popular JavaScript repository npm for an undisclosed amount. The npm repository hosts over 1.3 million JavaScript libraries, containing over 75 ...
Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...
TEL AVIV, Israel and BOSTON, Feb. 2, 202/PRNewswire/ -- WhiteSource, a leader in open source security and management, today released a new threat report based on malicious activity found in npm, the ...
With npm v12, GitHub closes a central attack vector: from July 2026, installation scripts from dependencies will run only after explicit approval.