The Register on MSN

GitHub moves to tighten npm security amid phishing, malware plague

Hundreds of compromised packages pulled as registry shifts to 2FA and trusted publishing GitHub, which owns the npm registry ...

Ledger CTO warns of shocking NPM attacks by crypto hackers

Charles Guillemet, CTO at the crypto wallet platform Ledger, warned the crypto community to be cautious while executing ...
SecurityWeek

GitHub Boosting Security in Response to NPM Supply Chain Attacks

In the light of recent supply chain attacks targeting the NPM ecosystem, GitHub will implement tighter authentication and ...

Self-propagating supply chain attack hits 187 npm packages

Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack. The coordinated ...

New NPM attack: Self-replicating malware infects dozens of packages

It is possible that the attackers behind this attack are the same ones as last time. Their malicious code bears the name of a prominent science fiction monster.

A terrifying, self-replicating malwaere has infected npm packages with over 2 million downloads per week - here's how to stay safe

"After detecting several malicious Node Package Manager (NPM) packages in the public NPM registry, a third-party open source ...

First npm worm "Shai-Hulud" released in supply chain attack

A new supply chain attack on npm, the node package manager, has injected the first malware with self-replicating worm ...
The Hacker News

Self-Replicating Worm Hits 180+ npm Packages to Steal Credentials in Latest Supply Chain Attack

"Each published package becomes a new distribution vector: as soon as someone installs it, the worm executes, replicates, and ...
InfoQ

NPM Adopted Rust to Remove Performance Bottlenecks

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...