Dark Reading

150,000 Packages Flood NPM Registry in Token Farming Campaign

A self-replicating attack led to a tidal wave of malicious packages in the NPM registry, targeting tokens for the tea.xyz ...

Inside Homebrew: How to get the best open source software on Mac, for free

Homebrew is the best source for open source software yet, and makes installation easy. Here's what Homebrew is, how it works, ...
InfoWorld

Worm flooding npm registry with token stealers still isn’t under control

Goal is to steal Tea tokens by inflating package downloads, possibly for profit when the system can be monetized.