InfoQ

Npm, Inc. Announces Npm Pro for Independent JavaScript Developers

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Ramya Krishnamoorthy shares a detailed case ...
InfoQ

Node.js 10.0 and npm 6 Released with Emphasis on Security

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
InfoWorld

How one yanked JavaScript package wreaked havoc

When a developer 'unpublished' his work from the NPM JavaScript package registry, it broke dependencies for many other projects -- and highlighted the fragility of the open source ecosystem Developers ...

PhantomRaven attack floods npm with credential-stealing packages

An active campaign named 'PhantomRaven' is targeting developers with dozens of malicious npm packages that steal ...
HHS

Shai Hulud Burrows Into NPM Repository

An apparent "Dune" aficionado is responsible for perpetrating the first self-propagating attack on the npm JavaScript repository in what a security company has described as being one of the most ...

Malicious NPM packages fetch infostealer for Windows, Linux, macOS

Ten malicious packages mimicking legitimate software projects in the npm registry download an information-stealing component ...