News

The package at the heart of this weekend's problems is named is-promise. The library consists of two lines of raw source code, and developers can use it in their projects via a one-liner call.
The JavaScript (npm) package that got compromised is called eslint-scope, a sub-module of the more famous ESLint, a JavaScript code analysis toolkit. A hacker gained access to a developer's npm account ...
For comparison, the express package has 13 million downloads/month atm. 13 users had more than 50 million downloads/month. One of the passwords with access to publish koa was literally « password ».
The Node Package Manager, NPM, has become a powerful and important tool, supporting many different JavaScript frameworks — including jQuery, AngularJS, and React JS.
More than 1,300 malicious packages have been identified in the most oft-downloaded JavaScript package repository used by developers, npm, in the last six months — a rapid increase that showcases ...
Facebook launches Yarn, a JavaScript package manager built for speed (October 12, 2016 - 9:32 am) ...
GitHub has announced plans to acquire npm. Npm is the company behind the Node package manager for the programming language JavaScript, the npm Registry and npm CLI. “npm is a critical part of ...
Package locking was not a first-class citizen in the JavaScript ecosystem at the time, for one thing. Yarn was developed as part of a collaboration between Facebook, Google, Exponent, and Tilde.
The popular NPM JavaScript package manager and registry has been hit with an influx of malicious packages, the most harmful of which are related to data theft, crypto mining, botnets, and remote ...