Hackaday

What Does GitHub’s Npm Acquisition Mean For Developers?

Microsoft’s open-source shopping spree has claimed another victim: npm. [Nat Friedman], CEO of GitHub (owned by Microsoft), announced the move recently on the GitHub blog. So what motivated the ...
TechJuice

Developers Hit as Fake WhatsApp API Package Emerges on npm

Security researchers discovered a fake WhatsApp API package on npm that steals developer credentials, raising fresh alarms ...
Yahoo Finance

What Does Mass NPM Attack Mean For Crypto: Is Ledger SAFU?

A recent supply chain hack has seen malware injected into NPM packages with over 2.6Bn weekly downloads after compromising a maintainer’s account in a phishing attack. The NPM attack is causing a lot ...
TheStreet.com

How to stay safe if you’re using MetaMask, Phantom, Trust or any crypto wallet from NPM attack

A new cyberattack has put millions of crypto users on alert after hackers slipped malicious code into NPM, the software registry that powers thousands of apps and websites, including many tied to ...

Shai Hulud malware turns developers into unwitting distributors in NPM supply chain attacks

Shai Hulud is a malware campaign first observed in September targeting the JavaScript ecosystem that focuses on supply chain ...
SecurityWeek

NPM Package With 56,000 Downloads Steals WhatsApp Credentials, Data

The lotusbail NPM package steals WhatsApp credentials, messages, and contacts, and provides persistent access to the victims’ accounts.
InfoWorld

NPM JavaScript registry mishaps: What to do

Concerned users can set up their own backup system if they don’t trust the steps NPM Inc. has taken to prevent problems The NPM registry of JavaScript packages has become a critical cog in the ...