Read news on npm with our app.
Read more in the app
Miasma campaign poisons 20-plus npm packages, hunts for developer secrets
NPM 12 Will Change Script Execution Behavior to Prevent Supply Chain Attacks
GitHub pulls pin on npm's auto-run scripts
Upcoming breaking changes for npm v12
Fake web3 Job interview deploys stealthy cross platform (macOS/Windows) malware via compromised NPM packages in take home assessment
Dozens of Red Hat packages backdoored through its official NPM channel
Malicious npm packages detected across Red Hat Cloud Services
Valid certificates, stolen accounts: how attackers broke npm's last trust signal
Staged publishing and new install-time controls for npm
Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps
Show HN: Safe-install – safer NPM installs with trusted build dependencies
Post Mortem: axios NPM supply chain compromise
Claude Code source code accidentally leaked in NPM package
Claude Code full source code leaked on NPM
Claude Code's source code has been leaked via a map file in their NPM registry
Axios compromised on NPM – Malicious versions drop remote access trojan
Qite.js – Frontend framework for people who hate React and love HTML
GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX
NPM install is stealing your passwords – I built a tool to catch it
NPMX – a fast, modern browser for the NPM registry