News

CSO Online

Warning: Hackers have inserted credential-stealing code into some npm libraries

Dozens of npm libraries, including a color library with over 2 million downloads a week, have been replaced with novel ...
Bleeping Computer

Malware found in NPM packages with 1 million weekly downloads

These packages are very popular, with approximately 1,020,000 weekly downloads, making this a massive supply chain attack that could have widespread consequences. The malicious code is heavily ...
Hackaday

This Week In Security: NPM, Kerbroasting, And The Rest Of The Story

Two billion downloads per week. That’s the download totals for the NPM packages compromised in a supply-chain attack this ...

Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack

In a supply chain attack, attackers injected malware into NPM packages with over 2.6 billion weekly downloads after ...