The package at the heart of this weekend's problems is named is-promise. The library consists of two lines of raw source code, and developers can use it in their projects via a one-liner call.

The JavaScript (npm) package that got compromised is called eslint-scope, a sub-module of the more famous ESLint, a JavaScript code analysis toolkit. Hacker gained access to a developer's npm account ...

└──getcookies Mailparser is an npm package for parsing email data using JavaScript. This is an old library, and one that's been deprecated in favor of a newer one named "Nodemailer." ...

The Node Package Manager, NPM, has become a powerful and important tool, supporting many different JavaScript frameworks — including JQuery, AngularJS, and React JS.

More than 1,300 malicious packages have been identified in the most oft-downloaded JavaScript package repository used by developers, npm, in the last six months — a rapid increase that showcases ...

Design & Dev Facebook launches Yarn, a JavaScript package manager built for speed October 12, 2016 - 9:32 am Image by: Facebook ...

GitHub has announced plans to acquire npm. Npm is the company behind the Node package manager for the programming language JavaScript, the npm Registry and npm CLI. “npm is a critical part of ...

Package locking was not a first-class citizen in the JavaScript ecosystem at the time, for one thing. Yarn was developed as part of a collaboration between Facebook, Google, Exponent, and Tilde.