CSOonline

Malicious code in the Node.js npm registry shakes open source trust model

Bad actors using typo-squatting place 39 malicious packages in npm that went undetected for two weeks. How should the open source community respond? Software development relies heavily on trust, ...
GIGAZINE

Maintainers add malicious code targeting Russian developers to the open source npm package 'node-ipc'

Vue.js, a JavaScript framework for building UI for web applications developed in open source, that malicious code targeting developers living in Russia and Belarus has been added. Announced by ...
Dark Reading

Malicious npm Packages Scarf Up Discord Tokens, Credit Card Info

Four packages containing highly obfuscated malicious Python and JavaScript code were discovered this week in the Node Package Manager (npm) repository. According to a report from Kaspersky, the ...