In the light of recent supply chain attacks targeting the NPM ecosystem, GitHub will implement tighter authentication and ...
The Register on MSN
GitHub moves to tighten npm security amid phishing, malware plague
Hundreds of compromised packages pulled as registry shifts to 2FA and trusted publishing. GitHub, which owns the npm registry ...
GitHub is introducing a set of defenses against supply-chain attacks on the platform that led to multiple large-scale ...
The developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish ...
Aikido Security Ltd. today disclosed what is being described as the largest npm supply chain compromise to date, after attackers injected malware into 18 popular packages that together account for ...
If npm captured package download metrics. For example, every time someone ran npm install or npm ci, it would send npm the version of nodejs used to download it. On the npm dashboard, the package ...
Cybersecurity researchers have discovered two new malicious packages on the npm registry that make use of smart contracts for the Ethereum blockchain to carry out malicious actions on compromised ...
nvm-desktop is a desktop application that helps you manage multiple Node.js versions through a visual interface. The application is built using Tauri and supports macOS, Windows, and Linux systems. It ...