npm

NPM flooded with malicious packages downloaded more than 86,000 times

Cleaning house in Nx monorepo, how i removed unused deps safely

NPM package caught using QR Code to fetch cookie-stealing malware

Show HN: Tips to stay safe from NPM supply chain attacks

Oh no, not again a meditation on NPM supply chain attacks

Which NPM package has the largest version number?

Hackers left empty-handed after massive NPM supply-chain attack

You too can run malware from NPM (I mean without consequences)

NPM debug and chalk packages compromised

Rampant emoji use suggests crypto-stealing NPM package was written by AI

Not pretty, not Windows-only: npm phishing attack laces popular packages with malware

NPM package ‘is’ with 2.8M weekly downloads infected devs with malware

npm 'accidentally' removes Stylus package, breaks builds and pipelines

NPM: Issues with package install, package publish, and login

Dozens of malicious packages on NPM collect host and network data

Destructive malware available in NPM repo went unnoticed for 2 years

Malware found on NPM infecting local package with reverse shell

New npm attack poisons local packages with backdoors

Lazarus Group deceives developers with 6 new malicious NPM packages

Is npm Enough? Why Startups Are Coming After This JavaScript Package Registry