News

The package "is", which is downloaded around 2.7 million times a week, was infected with a malware loader.
The "is" package was infected with cross-platform malware after a scam targeting maintainers. The popular npm package "is" was ...
The popular NPM package 'is' has been compromised in a supply chain attack that injected backdoor malware, giving attackers ...
In a newly discovered supply chain attack, attackers last week targeted a range of npm-hosted JavaScript type testing ...
The package at the heart of this weekend's problems is named is-promise. The library consists of two lines of raw source code, and developers can use it in their projects via a one-liner call.
Named discord.dll, the malicious JavaScript library is still available via npm, a web portal, command-line utility, and package manager for JavaScript programmers.
The Node Package Manager, NPM, has become a powerful and important tool, supporting many different JavaScript frameworks — including JQuery, AngularJS, and React JS.
For comparison, express package has 13 million downloads/month atm. 13 users had more than 50 million downloads/month. One of the passwords with access to publish koa was literally « password ».
Facebook today is open-sourcing Yarn, a package manager for efficiently installing JavaScript packages that represent dependencies for applications. Yarn is available now on GitHub under a BSD-2 ...
JavaScript package offers a smarter way to serve hi-res images. Adam Bradley’s clever Foresight.js checks for screen resolution and network … Scott Gilbertson, wired.com – Apr 21, 2012 9:12 ...