News

The npm registry is once again in the spotlight, this time battling a malware campaign using malicious packages to map ...
NPM index that attempt to collect sensitive host and network data and send it to a Discord webhook controlled by the threat actor.
Developers adept at multiple coding languages are tricked into installing a familiar-sounding package from within the Node ...
Researchers have found malicious software that received more than 6,000 downloads from the NPM repository over a two-year span, in yet another discovery showing the hidden threats users of such open ...
Three NPM packages posing as developer tools for the macOS version of the Cursor AI code editor contain a backdoor, researchers warn.
Supply chain attack compromises the popular rand-user-agent scraping NPM package to deploy and activate a backdoor.
Security researchers have identified three malicious NPM packages posing as developer tools for the AI-supported code editor Cursor. The malware specifically targets macOS users and installs a ...
The NPM package, xrpl, is a JavaScript/TypeScript ... being called by various functions to steal private keys. Analysis of the different versions the attacker(s) released showed signs of ...
Many Hackaday readers will be familiar with npm (Node Package Manager), one of the backbones of the open-source JavaScript community. If you’ve played around with any kind of web or JavaScript p ...
Researchers at software supply chain management firm Sonatype have warned that attackers are increasingly using malicious 'typosquatting' packages infiltrating open source repositories to steal ...