npm

Rampant emoji use suggests crypto-stealing NPM package was written by AI

Not pretty, not Windows-only: npm phishing attack laces popular packages with malware

NPM package ‘is’ with 2.8M weekly downloads infected devs with malware

npm 'accidentally' removes Stylus package, breaks builds and pipelines

NPM: Issues with package install, package publish, and login

Dozens of malicious packages on NPM collect host and network data

Destructive malware available in NPM repo went unnoticed for 2 years

Malware found on NPM infecting local package with reverse shell

New npm attack poisons local packages with backdoors

Lazarus Group deceives developers with 6 new malicious NPM packages

Is npm Enough? Why Startups Are Coming After This JavaScript Package Registry

North Korea targets crypto developers via NPM supply chain attack

Fake VS Code Extension on NPM Spreads Multi-Stage Malware

My failed attempt to shrink all NPM packages by 5%

Snyk security researcher deploys malicious NPM packages targeting cursor.com

70% of new NPM packages in last 6 months were spam

Zed Editor automatically downloads binaries and NPM packages without consent

NPM and NodeJS should do more to make ES Modules easy to use

NPM package is-even has over 140k weekly downloads

NPM Users Download 2.1B Deprecated Packages Weekly, Say Security Researchers