Researchers uncovered 27 malicious npm packages used over five months to host phishing pages that steal credentials from ...
A new Shai-Hulud npm strain and a fake Jackson Maven package show how attackers abuse trusted dependencies to steal secrets ...
Attackers increasingly are using malicious JavaScript packages to steal data, engage in cryptojacking and unleash botnets, offering a wide supply-chain attack surface for threat actors. More than ...
The popular npm package "is" was infected with cross-platform malware, around the same time that linting utility packages used with the prettier code formatter were infected with Windows-only malware.
The Node Package Manager, NPM, has become a powerful and important tool, supporting many different JavaScript frameworks — including JQuery, AngularJS, and React JS. If you’re building JavaScript ...
Attackers are exploiting a major weakness that has allowed them access to the NPM code repository with more than 100 credential-stealing packages since August, mostly without detection. The finding, ...
The team behind npm, the biggest package manager for JavaScript libraries, has issued a security alert yesterday, advising all users to update to the latest version (6.13.4) to prevent "binary ...
The NPM JavaScript registry has experienced a jump in malware, including packages related to data theft, crypto mining, botnets, and remote code execution, according to security company WhiteSource.
A 'logical flaw' in the npm registry enabled authors of malicious packages to quietly add anyone and any number of users as 'maintainers' to their packages in an attempt to boost the trust in their ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback