North Korean threat actors planted 67 malicious packages in the Node Package Manager (npm) online repository to deliver a new ...

Another one-line npm package breaks the JavaScript ecosystem An update to tiny "is-promise" library impacted millions of JavaScript projects.

A hacker has gained access to a developer's npm account and injected malicious code into a popular JavaScript library, code that was designed to steal the npm credentials of users who utilize the ...

Attackers increasingly are using malicious JavaScript packages to steal data, engage in cryptojacking and unleash botnets, offering a wide supply-chain attack surface for threat actors.

PackageX helps businesses automate package receiving with AI-driven software for fast, accurate, and hassle-free logistics.

AI-generated computer code is rife with references to non-existent third-party libraries, creating a golden opportunity for supply-chain attacks that poison legitimate programs with malicious ...

The Node Package Manager, NPM, has become a powerful and important tool, supporting many different JavaScript frameworks — including JQuery, AngularJS, and React JS. If you’re building ...

At around 5:30PM ET on Tuesday, JavaScript broke. More specifically, npm, the package manager used by most JavaScript developers to source, test, and prepare their code for release, began failing ...

The NPM JavaScript registry has experienced a jump in malware, including packages related to data theft, crypto mining, botnets, and remote code execution, according to security company WhiteSource.

GitHub has announced plans to acquire npm. Npm is the company behind the Node package manager for the programming language JavaScript, the npm Registry and npm CLI. “npm is a critical part of ...