The latest version also executes malicious code during the preinstall phase, and is bigger and faster than the first wave, say researchers.
A package with 26 million weekly downloads carried a major flaw which has since been addressed.
North Korean hackers intensify their efforts against blockchain and Web3 developers, using nearly 200 malicious npm packages ...
Supply chain risk is unavoidable, but not unmanageable. Proactively prevent supply chain attacks by embedding YARA into ...
North Korean attackers have delivered more than 197 malicious packages as part of ongoing state-sponsored activity to ...
A critical vulnerability in the popular expr-eval JavaScript library, with over 800,000 weekly downloads on NPM, can be exploited to execute code remotely through maliciously crafted input. The ...
A major JavaScript supply-chain attack has compromised hundreds of software packages — including at least 10 used widely across the crypto ecosystem — according to new research from cybersecurity firm ...
Cybersecurity researchers are calling attention to a large-scale spam campaign that has flooded the npm registry with thousands of fake packages since early 2024 as part of a likely financially ...
This framework demonstrates that sophisticated web development doesn't require complex tooling. Built entirely with vanilla JavaScript and zero external dependencies ...