Attackers for at least a year have been using malicious Node Package Manager (npm) packages that mimic the popular "noblox.js" library to target Roblox game developers with malware that steals Discord ...

The popular npm package "is" was infected with cross-platform malware, around the same time that linting utility packages used with the prettier code formatter were infected with Windows-only malware.

First, people need to remember that the original attack on tools like ChalkJS was a successful MFA phishing attempt on npm’s ...

Ten malicious packages mimicking legitimate software projects in the npm registry download an information-stealing component that collects sensitive data from Windows, Linux, and macOS systems. The ...

A newly discovered malware campaign has leveraged malicious npm packages to deliver highly sophisticated reverse shells. Researchers at ReversingLabs identified two malicious packages, ...

Attackers are exploiting a major weakness that has allowed them access to the NPM code repository with more than 100 credential-stealing packages since August, mostly without detection. The finding, ...

Security researchers have uncovered another large-scale, coordinated attack on the npm ecosystem, using worm-like techniques to spread spam packages. Dubbed “IndonesianFoods” due to the unique naming ...

npm has taken down all versions of the real Stylus library and replaced them with a "security holding" page, breaking pipelines and builds worldwide that rely on the package. A security placeholder ...

As poisoned software continues to pop up across the industry, some threat actors have found a way to hide malicious code in npm packages and avoid detection from most security tools. In an blog post ...

Here's how the JavaScript Registry evolves makes building, sharing, and using JavaScript packages simpler and more secure ...

Application testing company Checkmarx has warned developers to be on the lookout for malicious NPM packages, after discovering a new attack that employs typosquatting to impersonate two popular ...

A new piece of malware is spreading through the popular tinycolor NPM library and more than 300 other packages, some of which belong to CrowdStrike. Recently, there were reports of the tinycolor npm ...