Business Wire

npm, Inc. Releases npm@6 Package Manager with Powerful, Built-In Security Protections

OAKLAND, Calif.--(BUSINESS WIRE)--npm, Inc., which runs the world’s largest software registry and maintains the `npm` software package management application, today announced npm@6, a major update to ...

PhantomRaven attack floods npm with credential-stealing packages

An active campaign named 'PhantomRaven' is targeting developers with dozens of malicious npm packages that steal ...
ZDNet

Show-stopping bug appears in npm Node.js package manager

Are you a developer who uses npm as the package manager for your JavaScript or Node.js code? If so, do not -- I repeat do not -- upgrade to npm 5.7.0. Nothing good can come of it. As one user reported ...
Hackaday

PhantomRaven Attack Exploits NPM’s Unchecked HTTP URL Dependency Feature

Having another security threat emanating from Node.js’ Node Package Manager (NPM) feels like a weekly event at this point, ...

After major attack: Package manager NPM cuts old security ties

First steps were taken a few days ago, and more are to follow. Users and developers in the NPM ecosystem must act in the coming weeks.

Infostealer for Windows, macOS and Linux found in ten packages on npm

The npm packages were available since July, have elaborately obfuscated malicious routines, and rely on a fake CAPTCHA to ...

Malicious NPM packages fetch infostealer for Windows, Linux, macOS

Ten malicious packages mimicking legitimate software projects in the npm registry download an information-stealing component ...