Malicious npm packages posing as utilities delete project directories
Two malicious packages have been discovered in the npm JavaScript package index, which masquerades as useful utilities but,…
Supply chain attack hits Gluestack NPM packages with 960K weekly downloads
A significant supply chain attack hit NPM after 16Â popular Gluestack ‘react-native-aria’ packages with over 950,000 weekly downloads were…
Dozens of malicious packages on NPM collect host and network data
60 packages have been discovered in the NPM index that attempt to collect sensitive host and network data and…
Destructive malware available in NPM repo went unnoticed for 2 years
Some of the payloads were limited to detonate only on specific dates in 2023, but in some cases…
Deno 2.3 adds compile improvements, support for local NPM packages
Deno Land has released Deno 2.3, an update of the company’s JavaScript and TypeScript runtime that brings improvements…
Infostealer campaign compromises 10 npm packages, targets devs
Ten npm packages were suddenly updated with malicious code yesterday to steal environment variables and other sensitive data…
Crypto-stealing Npm Packages Linked To North Korean Hackers, Researchers Warn
North Korean hackers have released six fake software packages to steal cryptocurrency from developers. The Lazarus Group created…
North Korean Lazarus hackers infect hundreds via npm packages
Six malicious packages have been identified on npm (Node package manager) linked to the notorious North Korean hacking group…
Malicious Rspack, Vant packages published using stolen NPM tokens
Three popular npm packages, @rspack/core, @rspack/cli, and Vant, were compromised through stolen npm account tokens, allowing threat actors…
the easiest way without installing any extra NPM package
When writing unit tests for your JavaScript code, especially when dealing with time-dependent functionalities, it’s crucial to control…