A hacker has gained access to a developer's npm account and injected malicious code into a popular JavaScript library, code that was designed to steal the npm credentials of users who utilize the ...

The npm security team has removed today a malicious JavaScript library from the npm website that contained malicious code for opening backdoors on programmers' computers. The JavaScript library was ...

GitHub, the developer repository owned by Microsoft, made a little deal of its own this morning when it bought JavaScript packaging vendor npm for an undisclosed amount. As GitHub CEO Nat Friedman ...

Microsoft is acquiring Node package manager npm Inc., officials announced on March 16. (Neither company is sharing the purchase price.) Microsoft plans to integrate GitHub with npm with the intent of ...

IT之家 5 月 9 日消息，Node.js，这一广受欢迎的开源跨平台 JavaScript 运行环境，正式发布了 24.0 版本，新版本承诺带来更强的性能、更高的安全性以及更顺畅的开发体验。 Node.js 24.0 的亮点之一是 V8 JavaScript 引擎升级至 13.6 版本，引入了 Float16Array、显式资源管理 ...

The Node Package Manager (npm) team avoided a disaster today when it discovered and blocked the distribution of a cleverly hidden backdoor mechanism inside a popular —albeit deprecated— JavaScript ...

轻量级 JavaScript 实用工具库 "is" 是 NPM 平台上的热门项目，每周下载量超过 220 万次。然而在 2025 年 7 月 19 日，该库开发者遭遇钓鱼攻击导致账户凭证泄露，攻击者借此发布了包含远程代码执行后门的恶意版本。 钓鱼攻击入侵开发者账户 据报告，项目维护者 John ...

The NPM JavaScript registry has experienced a jump in malware, including packages related to data theft, crypto mining, botnets, and remote code execution, according to security company WhiteSource.

You're currently following this author! Want to unfollow? Unsubscribe via the link in your email. Follow Rosalie Chan Every time Rosalie publishes a story, you’ll get an alert straight to your inbox!

Facebook has launched Yarn, an open source JavaScript package manager that promises faster and more reliable installs than the massively popular npm. The company says its new creation is capable of ...