Threat Post

Dev Sabotages Popular NPM Package to Protest Russian Invasion

In the latest software supply-chain attack, the code maintainer added malicious code to the hugely popular node-ipc library to replace files with a heart emoji and a peacenotwar module. The developer ...
Bleeping Computer

NPM supply-chain attack impacts hundreds of websites and apps

An NPM supply-chain attack dating back to December 2021 used dozens of malicious NPM modules containing obfuscated Javascript code to compromise hundreds of downstream desktop apps and websites. As ...

npmx package browser released as alpha to fix pain of using npmjs

Project initiated by Nuxt lead Daniel Roe attracts wide support thanks to multiple issues with the official interface A new ...
Dark Reading

Supply Chain Attack Deploys Hundreds of Malicious NPM Modules to Steal Data

A routine scan of the NPM open source code repository in April turned up several packages using a JavaScript obfuscator to hide their true function. After further investigation, analysts with ...
IT News For Australia Business

'Protestware' npm package dependency labelled supply-chain attack

Russia's invasion of Ukraine has spilt over into developer-space, with a well-known npm maintainer adding "protestware" as a dependency to a very popular package. Security vendor Snyk is tracking what ...
adtmag.com

New in Node.js: Certified Modules, Free Orgs Collaboration Tool

New developments in the popular Node.js ecosystem include curated Certified Modules from NodeSource and a free version of the Orgs collaboration tool from npm Inc. Node.js is an open source, ...