npm

NPM package caught using QR Code to fetch cookie-stealing malware

Show HN: Tips to stay safe from NPM supply chain attacks

Oh no, not again a meditation on NPM supply chain attacks

Which NPM package has the largest version number?

Hackers left empty-handed after massive NPM supply-chain attack

You too can run malware from NPM (I mean without consequences)

NPM debug and chalk packages compromised

Rampant emoji use suggests crypto-stealing NPM package was written by AI

Not pretty, not Windows-only: npm phishing attack laces popular packages with malware

NPM package ‘is’ with 2.8M weekly downloads infected devs with malware

npm 'accidentally' removes Stylus package, breaks builds and pipelines

NPM: Issues with package install, package publish, and login

Dozens of malicious packages on NPM collect host and network data

Destructive malware available in NPM repo went unnoticed for 2 years

Malware found on NPM infecting local package with reverse shell

New npm attack poisons local packages with backdoors

Lazarus Group deceives developers with 6 new malicious NPM packages

Is npm Enough? Why Startups Are Coming After This JavaScript Package Registry

North Korea targets crypto developers via NPM supply chain attack

Fake VS Code Extension on NPM Spreads Multi-Stage Malware