The NPM client that works with the registry is distributed with the Node.js JavaScript runtime. Amidst the turmoil, NPM has added an enterprise security policies capability to NPM Enterprise.

The NPM JavaScript registry has experienced a jump in malware, including packages related to data theft, crypto mining, botnets, and remote code execution, according to security company WhiteSource.

The NPM registry of JavaScript packages has become a critical cog in the language’s ecosystem, letting developers discover and use reusable code packages.

North Korean threat actors escalated their software supply chain attacks by uploading 67 new malicious packages to the npm ...