CSO Online

Warning: Hackers have inserted credential-stealing code into some npm libraries

Dozens of npm libraries, including a color library with over 2 million downloads a week, have been replaced with novel ...
TechJuice

Massive npm Supply-Chain Attack: Shai-Hulud Worm Infects Over 180 Packages

A new self-replicating worm dubbed Shai-Hulud has compromised over 180 npm packages, stealing credentials and spreading ...

Unofficial Postmark MCP npm silently stole users' emails

A npm package copying the official 'postmark-mcp' project on GitHub turned bad with the latest update that added a single ...