Open source packages published on the npm and PyPI repositories were laced with code that stole wallet credentials from dYdX ...
Compromised dYdX npm and PyPI packages delivered wallet-stealing malware and a RAT via poisoned updates in a software supply chain attack.
The lurking code-bombs lift Discord tokens from users of any applications that pulled the packages into their code bases. A series of malicious packages in the Node.js package manager (npm) code ...
Vulnerabilities in the NPM, PNPM, VLT, and Bun package managers could lead to protection bypasses and arbitrary code ...
Here's how the JavaScript Registry evolves makes building, sharing, and using JavaScript packages simpler and more secure ...
The NPM JavaScript registry has experienced a jump in malware, including packages related to data theft, crypto mining, botnets, and remote code execution, according to security company WhiteSource.
GitHub security team has identified several high-severity vulnerabilities in npm packages, "tar" and "@npmcli/arborist," used by npm CLI. The tar package receives 20 million weekly downloads on ...
Security experts have warned that a newly discovered supply chain attack targeting npm packages is still active and may already have impacted 10% of cloud environments. On Monday, a threat actor ...
Bad actors using typo-squatting place 39 malicious packages in npm that went undetected for two weeks. How should the open source community respond? Software development relies heavily on trust, ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results