InfoWorld

NPM 2.0 courts enterprises with Node.js module management

NPM, the standard package manager used with Node.js, enjoyed a 2.0 release this past week. Outfitted with new features and fixes, its release process has also been revised to satisfy both those who ...
Bleeping Computer

NPM supply-chain attack impacts hundreds of websites and apps

An NPM supply-chain attack dating back to December 2021 used dozens of malicious NPM modules containing obfuscated Javascript code to compromise hundreds of downstream desktop apps and websites. As ...
CSOonline

Developer sabotages own npm module prompting open-source supply chain security questions

The node-ipc developer attempt to protest Russia's attack on Ukraine has the unintended consequence of casting more doubt in software supply chain integrity. The developer of a popular JavaScript ...
adtmag.com

npm Naming Squabble Breaks Thousands of JavaScript Builds

You know that sickening feeling when you're happily coding along and all of the sudden your project won't build and you just can't figure out why? That can lead to hours of nerve-wracking, ...
IT News For Australia Business

'Protestware' npm package dependency labelled supply-chain attack

Russia's invasion of Ukraine has spilt over into developer-space, with a well-known npm maintainer adding "protestware" as a dependency to a very popular package. Security vendor Snyk is tracking what ...
InfoWorld

Node.js alert: Google engineer finds flaw in NPM scripts

Node.js developers, run NPM install at your own risk -- a self-replicating worm can easily spread through the ecosystem Never assume a file downloaded from the Internet is safe. That warning also ...