npm

Warning: Fake npm Package Hijacks Crypto Wallets

• Malware

Warning: Fake npm Package Hijacks Crypto Wallets

ddos September 3, 2025

Researchers at Socket have uncovered a malicious npm package named nodejs-smtp, masquerading as the widely used nodemailer...

Read More Read more about Warning: Fake npm Package Hijacks Crypto Wallets

Supply Chain Attack on a Popular Dev Tool Is Stealing Crypto, Keys, and Tokens

• Malware

Supply Chain Attack on a Popular Dev Tool Is Stealing Crypto, Keys, and Tokens

ddos August 29, 2025

The NPM ecosystem has been struck by a new supply chain attack, this time targeting the Nx...

Read More Read more about Supply Chain Attack on a Popular Dev Tool Is Stealing Crypto, Keys, and Tokens

Malicious Go Module Targets Solana Devs, Leaking Data to a “U.S.-Based” Server

• Cybercriminals

Malicious Go Module Targets Solana Devs, Leaking Data to a “U.S.-Based” Server

ddos August 24, 2025

Researchers have uncovered a new politically tinged campaign targeting the Solana blockchain ecosystem and, apparently, developers of...

Read More Read more about Malicious Go Module Targets Solana Devs, Leaking Data to a “U.S.-Based” Server

Your Code Is Not Safe: Malicious NPM Packages Are Deleting Files

• Malware

Your Code Is Not Safe: Malicious NPM Packages Are Deleting Files

ddos August 9, 2025

Two malicious packages have been discovered in the NPM ecosystem, disguised as libraries for building bots and...

Read More Read more about Your Code Is Not Safe: Malicious NPM Packages Are Deleting Files

Lazarus Group’s Covert Supply Chain Attack: North Korean APT Poisons Open Source to Steal Developer Secrets

• Cybercriminals

Lazarus Group’s Covert Supply Chain Attack: North Korean APT Poisons Open Source to Steal Developer Secrets

ddos August 5, 2025

In the first half of 2025, Sonatype uncovered a large-scale, ongoing assault on the open-source software ecosystem,...

Read More Read more about Lazarus Group’s Covert Supply Chain Attack: North Korean APT Poisons Open Source to Steal Developer Secrets

AI is the New Malware: AI-Generated Python Package Infects 1,500+ with Stealthy Crypto-Stealer

• Malware

AI is the New Malware: AI-Generated Python Package Infects 1,500+ with Stealthy Crypto-Stealer

ddos August 5, 2025

A malicious package discovered in the NPM ecosystem by researchers at Safety turned out to be far...

Read More Read more about AI is the New Malware: AI-Generated Python Package Infects 1,500+ with Stealthy Crypto-Stealer

npm Supply Chain Attack Exposes Devs to “Scavenger” Malware Via Phished Accounts

• Cybercriminals

npm Supply Chain Attack Exposes Devs to “Scavenger” Malware Via Phished Accounts

ddos July 25, 2025

A major incident has rocked the npm ecosystem: the widely-used package eslint-config-prettier suddenly received an update devoid...

Read More Read more about npm Supply Chain Attack Exposes Devs to “Scavenger” Malware Via Phished Accounts

npm Supply Chain Attack Exploited in the Wild – Phishing Steals Maintainer Tokens, Injects Malware into Popular Packages

• Cybercriminals

npm Supply Chain Attack Exploited in the Wild – Phishing Steals Maintainer Tokens, Injects Malware into Popular Packages

ddos July 22, 2025

Hackers have successfully injected malicious code into popular npm packages by leveraging a phishing campaign against project...

Read More Read more about npm Supply Chain Attack Exploited in the Wild – Phishing Steals Maintainer Tokens, Injects Malware into Popular Packages

AI Coding Assistants Under Attack: “Slopsquatting” Malware Exploits AI Hallucinations for Supply Chain Compromise

• Vulnerability

AI Coding Assistants Under Attack: “Slopsquatting” Malware Exploits AI Hallucinations for Supply Chain Compromise

ddos July 9, 2025

A new threat has emerged in the realm of AI-assisted programming, known as “slopsquatting.” This attack has...

Read More Read more about AI Coding Assistants Under Attack: “Slopsquatting” Malware Exploits AI Hallucinations for Supply Chain Compromise

North Korean APT Launches Massive npm Supply Chain Attack: Typosquatting & Fake Jobs Steal Crypto from Devs

• Malware

North Korean APT Launches Massive npm Supply Chain Attack: Typosquatting & Fake Jobs Steal Crypto from Devs

ddos June 27, 2025

A new wave of malicious npm packages has been uncovered, linked to the ongoing Contagious Interview operation,...

Read More Read more about North Korean APT Launches Massive npm Supply Chain Attack: Typosquatting & Fake Jobs Steal Crypto from Devs

GitHub has completed its acquisition of npm

• Technology

GitHub has completed its acquisition of npm

ddos April 17, 2020

GitHub issued an announcement that GitHub has completed the acquisition of npm. From the announcement of the...

Read More Read more about GitHub has completed its acquisition of npm

GitHub announces the formal acquisition of JavaScript package manager, npm

• Technology

GitHub announces the formal acquisition of JavaScript package manager, npm

ddos March 17, 2020

Today, Microsoft bought npm for GitHub. Information about the acquisition was published by GitHub CEO Nat Friedman....

Read More Read more about GitHub announces the formal acquisition of JavaScript package manager, npm