Security researchers warn that many npm packages are being deprecated and abandoned by their maintainers without a clear warning to users. Such packages can…
npm
-
Researchers have identified yet another malicious use for JavaScript packages hosted on the npm registry: hosting files required by automated phishing kits or slipping…
-
The npm (Node Package Manager) ecosystem of JavaScript packages has a by-design bug that attackers could potentially exploit to hide malicious dependencies and scripts…
-
Despite efforts taken in recent years to proactively monitor public software repositories for malicious code, packages that bundle malware continue to routinely pop up…
-
OpenSSF releases npm best practices to help developers tackle open-source dependency risks
The Open Source Security Foundation (OpenSSF) has released the npm Best Practices Guide to help JavaScript and TypeScript developers reduce the security risks associated…
-
Developer sabotages own npm module prompting open-source supply chain security questions
The developer of a popular JavaScript component hosted on the npm repository decided to protest Russia’s invasion of Ukraine by adding code to his…