Cybersecurity researchers have uncovered a new set of malicious npm packages that are designed to steal cryptocurrency ...

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...

UTC, Aikido Security detected an unusual pattern across the npm registry: dozens of packages from multiple organizations were ...

Microsoft released TypeScript 6.0 on March 23, the last version built on the original JavaScript codebase, with three post-RC changes and a wave of deprecations designed to ready codebases for the ...

CanisterWorm infects 28 npm packages via ICP-based C2, enabling self-propagation and persistent backdoor access across ...

New attack waves from the 'PhantomRaven' supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers.

A threat actor who stole credentials from a legitimate node package manager (npm) publisher has spread a persistent, ...

The newly observed malware abuses VS Code’s “runOn:folderOpen” feature to execute automatically from trusted projects, ...

Project initiated by Nuxt lead Daniel Roe attracts wide support thanks to multiple issues with the official interface A new browser for the npm registry has launched in alpha, following grassroots ...

Nasdaq Private Market (“NPM”), a leading platform for private market liquidity and infrastructure, today announced that it ...

Hackers exploited a compromised npm package to breach cloud systems and gain full AWS administrator access within 72 hours.