The Hacker News

144 Mastra npm Packages Compromised via Hijacked Contributor Account

Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.

Red Hat hit by npm supply‑chain attack - here's how to stay safe

Red Hat hit by npm supply‑chain attack - here's how to stay safe ...
Tech Times

npm v12 Security Overhaul Blocks Install Scripts by Default: July Deadline for CI Migration

July 2026, blocking install scripts, Git dependencies, and remote URL sources by default. Every team running npm install in ...

主流 JavaScript 软件包管理平台 npm 遭供应链投毒攻击,影响多个热门 ...

IT之家5 月 25 日消息,国家网络安全通报中心今日发布预警,称监测发现,全球主流 JavaScript 软件包管理平台 npm 遭“沙虫”(Shai-Hulud)供应链投毒攻击。攻击者攻陷了 npm 官方维护者账户,并在短时间内批量投放大量恶意软件包,涉及 300 余个独立程序包的 600 余个恶意版本,影响多个热门开源项目。 据介绍,当开发者安装恶意依赖包后,程序会自动在本地主机、CI / ...
17173游戏网

主流 JavaScript 软件包管理平台 npm 遭供应链投毒攻击,影响多个热门 ...

npm遭供应链投毒攻击!300余个软件包被植入恶意代码,窃取GitHub Token等敏感信息。立即查看受影响项目清单及官方处置建议,保护你的开发环境安全。 5 月 25 日消息,国家网络安全通报中心今日发布预警,称监测发现,全球主流 JavaScript 软件包管理平台 npm 遭 ...
MSN on MSN

This JavaScript risk could cost developers dearly

Recently, npm, the essential package manager used by developers worldwide, suffered a massive supply chain attack. This ...
腾讯网

主流JavaScript软件包管理平台npm遭供应链投毒攻击

新京报讯 据国家网络安全通报中心消息,监测发现,全球主流JavaScript软件包管理平台npm遭“沙虫”(Shai-Hulud)供应链投毒攻击。攻击者攻陷了npm官方维护者账户,并在短时间内批量投放大量恶意软件包,涉及300余个独立程序包的600余个恶意版本,影响多个热门 ...
SecurityWeek

Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks

Over 100 NPM and PyPI packages were injected with malicious code in the Miasma and Hades Shai-Hulud supply chain attack ...

VS Code 再次倒戈!正式切到 Vite+!

但如果仔细看就会发现,目前 npm.scriptRunner 支持的其实都是 JavaScript 生态最主流的工具: 很多人第一次听到 Vite+ 时,会下意识认为它是: ...
The Hacker News

North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels

Proofpoint says UNK_DeadDrop sent 250+ phishing emails to nearly 100 firms, using GitHub and VS Code lures to steal ...