The package at the heart of this weekend's problems is named is-promise. The library consists of two lines of raw source code, and developers can use it in their projects via a one-liner call.

The JavaScript (npm) package that got compromised is called eslint-scope, a sub-module of the more famous ESLint, a JavaScript code analysis toolkit. Hacker gained access to a developer's npm account ...

The Node Package Manager, NPM, has become a powerful and important tool, supporting many different JavaScript frameworks — including JQuery, AngularJS, and React JS.

GitHub has announced plans to acquire npm. Npm is the company behind the Node package manager for the programming language JavaScript, the npm Registry and npm CLI. “npm is a critical part of ...

More than 1,300 malicious packages have been identified in the most oft-downloaded JavaScript package repository used by developers, npm, in the last six months — a rapid increase that showcases ...

Design & Dev Facebook launches Yarn, a JavaScript package manager built for speed October 12, 2016 - 9:32 am Image by: Facebook ...

On August 1, npm Inc. — the company that runs the biggest JavaScript package repository — removed 38 JavaScript npm packages that were caught stealing environment variables from infected projects.

Package locking was not a first-class citizen in the JavaScript ecosystem at the time, for one thing. Yarn was developed as part of a collaboration between Facebook, Google, Exponent, and Tilde.