Since NPM laid off five employees, several more have resigned, while others have demanded better working conditions. Here's why there's turmoil at NPM.
Security researchers discovered a fake WhatsApp API package on npm that steals developer credentials, raising fresh alarms ...
A blockchain developer shares his ordeal over the holidays when he was approached on LinkedIn by a "recruiter" for a web development job. The recruiter in question asked the developer to download npm ...
Shai-Hulud 2.0 infected over 12,000 systems and exposed Trust Wallet keys that were used to steal $8.5 million from 2,520 ...
A new Shai-Hulud npm strain and a fake Jackson Maven package show how attackers abuse trusted dependencies to steal secrets ...
Shai Hulud is a malware campaign first observed in September targeting the JavaScript ecosystem that focuses on supply chain ...
Security researchers have uncovered two new malicious packages on the npm open source package manager that utilized GitHub to store stolen Base64-encrypted SSH keys taken from developer systems. These ...
Microsoft owned GitHub has announced it is buying popular JavaScript repository npm for an undisclosed amount. The npm repository hosts over 1.3 million JavaScript libraries, containing over 75 ...
In a surprising move, the popular open source project, SheetJS aka "xlsx," has dropped support for the npm registry. Downloaded about 1.4 million times weekly on npm, SheetJS is relied upon by NodeJS ...
OAKLAND, Calif.--(BUSINESS WIRE)--npm, Inc., the open source JavaScript developer tools provider and operator of the world’s largest software registry, today announced 43% quarterly growth, adding 193 ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback