#npm

[ follow ]
#malware
fromIT Pro
1 month ago
Node JS

Developers beware: Malware has been found in a dozen popular NPM packages - here's what you need to know

Node JS
fromBleepingComputer
2 months ago

Dozens of malicious packages on NPM collect host and network data

60 malicious NPM packages were found that collect sensitive data and send it to threat actors through Discord webhooks.
Threat actors employed names similar to legitimate packages to deceive developers and infiltrate systems.
Node JS
fromIT Pro
1 month ago

Developers beware: Malware has been found in a dozen popular NPM packages - here's what you need to know

Over a dozen NPM packages have been compromised, delivering malware that allows attackers to control infected machines.
Node JS
fromDeveloper Tech News
2 months ago

Package lurking in npm for six years waits to destroy your work

A malicious npm package, disguised as a legitimate tool, has been uncovered, potentially endangering numerous projects.
The xlsx-to-json-lh package highlights vulnerabilities in package management due to misleading naming.
Node JS
fromBleepingComputer
2 months ago

Dozens of malicious packages on NPM collect host and network data

60 malicious NPM packages were found that collect sensitive data and send it to threat actors through Discord webhooks.
Threat actors employed names similar to legitimate packages to deceive developers and infiltrate systems.
more#malware
#phishing
more#phishing
fromBleepingComputer
1 week ago

npm 'accidentally' removes Stylus package, breaks builds and pipelines

npm has taken down all versions of the real Stylus library and replaced them with a 'security holding' page, breaking pipelines and builds worldwide that rely on the package.
Web development
#north-korea
Node JS
fromThe Hacker News
3 months ago

North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages

North Korean threat actors are using npm packages to spread BeaverTail malware and a new RAT loader, indicating advanced obfuscation techniques.
Node JS
fromThe Hacker News
3 months ago

North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages

North Korean threat actors are using npm packages to spread BeaverTail malware and a new RAT loader, indicating advanced obfuscation techniques.
more#north-korea
fromInfoQ
1 month ago

Deno 2.3 Now Supports Local NPM Packages

Deno 2.3 enhances local NPM package support and deno compile for streamlined development.
#cybersecurity
Node JS
fromThe Hacker News
3 months ago

Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems

Three malicious npm packages disguised as a Telegram bot library have been found, containing SSH backdoors and data exfiltration functionalities.
fromThe Hacker News
8 months ago
Information security

XML-RPC npm Library Turns Malicious, Steals Data, Deploys Crypto Miner

A software supply chain attack on npm packages has persisted for over a year, embedding malware that steals data and mines cryptocurrency.
Node JS
fromThe Hacker News
3 months ago

Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems

Three malicious npm packages disguised as a Telegram bot library have been found, containing SSH backdoors and data exfiltration functionalities.
Information security
fromThe Hacker News
8 months ago

XML-RPC npm Library Turns Malicious, Steals Data, Deploys Crypto Miner

A software supply chain attack on npm packages has persisted for over a year, embedding malware that steals data and mines cryptocurrency.
more#cybersecurity
Node JS
fromInfoWorld
1 month ago

NPM adds Workspaces for managing multiple packages

NPM 7.0.0 introduces Workspaces and automatic peer dependency installation, streamlining package management for developers.
fromInfoWorld
1 year ago

Deno boosts dependency management with JSR

Deno 1.42 includes major updates for Node.js and NPM compatibility, enhancing modules such as async_hooks, crypto, and worker_threads for improved performance.
Node JS
Node JS
fromInfoWorld
2 months ago

Node.js 24 drops MSVC support

Node.js 24 brings significant updates to the V8 engine and NPM, crucial for JavaScript development.
fromThe Hacker News
3 months ago

Malicious npm Package Targets Atomic Wallet, Exodus Users by Swapping Crypto Addresses

Attackers upload malicious npm packages to target crypto wallet software, enabling them to manipulate transactions covertly.
fromHackernoon
4 years ago

How to Automatically Publish Your NPM Package Using GitHub Actions | HackerNoon

Automating the npm package publishing process through CI/CD helps ensure that each release is tested and is free of errors, enhancing overall project quality.
JavaScript
[ Load more ]