In light of recent cyberattacks and growing security concerns, GitHub is taking immediate and direct action to secure the ...
In light of recent supply chain attacks targeting the npm ecosystem, GitHub will implement tighter authentication and ...
Hundreds of compromised packages pulled as registry shifts to 2FA and trusted publishing GitHub, which owns the npm registry ...
A Dune-inspired worm recently hit CrowdStrike and npm, infecting hundreds of packages. Here's what happened - and how to protect your code.
The developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish ...
Aikido Security Ltd. today disclosed what is being described as the largest npm supply chain compromise to date, after attackers injected malware into 18 popular packages that together account for ...
If npm captured package download metrics. For example, every time someone ran npm install or npm ci, it would send npm the version of Node.js used to download it. On the npm dashboard, the package ...
Cybersecurity researchers have discovered two new malicious packages on the npm registry that make use of smart contracts for the Ethereum blockchain to carry out malicious actions on compromised ...
nvm-desktop is a desktop application that helps you manage multiple Node.js versions through a visual interface. The application is built using Tauri and supports macOS, Windows, and Linux systems. It ...