News
On September 8, 2025, a single phishing email triggered one of npm’s most damaging supply chain attacks, compromising 18 ...
NPM developer qix's account compromise potentially puts user funds at risk by compromising library dependencies used by ...
Less $50 worth of crypto has been stolen from the large-scale JavaScript libraries attack on Monday, which targeted Ethereum ...
Most JavaScript developers are familiar with the npm package manager, which was originally developed by Isaac Schlueter. What many probably don’t know is that npm is also a company co-founded by ...
The package at the heart of this weekend's problems is named is-promise. The library consists of two lines of raw source code, and developers can use it in their projects via a one-liner call.
Malware hidden in widely used libraries like chalk and debug hijacked crypto transactions via browser APIs, exposing deep ...
1d
Largest supply chain attack in history targets crypto users through compromised JavaScript packages
A new cyberattack is silently targeting crypto from users during transactions amid an incident that security researchers ...
"debug" package attack failed; malicious update detected early, minimal impact. Developers urged to check their installations ...
GitHub has announced plans to acquire npm. Npm is the company behind the Node package manager for the programming language JavaScript, the npm Registry and npm CLI.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback