Dark Reading

Supply Chain Attack Deploys Hundreds of Malicious NPM Modules to Steal Data

A routine scan of the NPM open source code repository in April turned up several packages using a JavaScript obfuscator to hide their true function. After further investigation, analysts with ...
InfoWorld

Safety in Node.js: NodeSource to certify NPM modules

NodeSource’s Certified Modules service, intended to ensure the safety of NPM modules, becomes generally available on Thursday. Previously available only in a private beta stage, the service for ...
CSOonline

Developer sabotages own npm module prompting open-source supply chain security questions

The node-ipc developer attempt to protest Russia's attack on Ukraine has the unintended consequence of casting more doubt in software supply chain integrity. The developer of a popular JavaScript ...
Threat Post

Malicious Npm Packages Tapped Again to Target Discord Users

Recent LofyLife campaign steals tokens and infects client files to monitor various user actions, such as log-ins, password changes and payment methods. Threat actors once again are using the node ...
InfoWorld

Deno 1.30 backs built-in Node.js modules

With Deno, npm packages have already had access to built-in Node.js modules such as fs (file system), path, process, and others through the runtime’s Node.js compatibility layer.
TMCnet

Constructive Launches pgpm: Modular Postgres for Large-Scale Application Development

SAN FRANCISCO, Dec. 17, 2025 /PRNewswire/ -- Constructive, the open-source modular Postgres platform, today announced the ...