NPM developer qix's account compromise potentially puts user funds at risk by compromising library dependencies used by bitcoin wallets. A major NPM developer, qix, has had their account compromised.
Microsoft is to acquire Node Package Manager (npm) and integrate the technology with GitHub. The software giant believes integrating npm with GitHub will make the combined community even more ...
Microsoft says latest attack targets Leo Platform and RStreams packages, harvesting creds and going after more maintainers ...
Pac-Resolver, a widely used NPM library, has received a patch to address a high-severity remote code execution (RCE) bug that could allow malicious actors to hijack a Node.js process via a corrupted ...
Microsoft-owned GitHub has announced it is buying popular JavaScript repository npm for an undisclosed amount. The npm repository hosts over 1.3 million JavaScript libraries, containing over 75 ...
Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its own. Here's what you can do about it.
The NPM JavaScript registry has experienced a jump in malware, including packages related to data theft, crypto mining, botnets, and remote code execution, according to security company WhiteSource.
TEL AVIV, Israel and BOSTON, Feb. 2, 202/PRNewswire/ -- WhiteSource, a leader in open source security and management, today released a new threat report based on malicious activity found in npm, the ...
With npm v12, GitHub closes a central attack vector: installation scripts from dependencies will only run after explicit approval from July 2026.
A new piece of malware is spreading through the popular tinycolor NPM library and more than 300 other packages, some of which belong to CrowdStrike. Recently, there were reports of the tinycolor npm ...