InfoQ

Making 'npm install' Safe

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. This article presents a least-privilege AI ...
Bleeping Computer

NPM packages posing as speed testers install crypto miners instead

A new set of 16 malicious NPM packages are pretending to be internet speed testers but are, in reality, coinminers that hijack the compromised computer's resources to mine cryptocurrency for the ...
Bleeping Computer

Malicious NPM packages used to install njRAT remote access trojan

New malicious NPM packages have been discovered that install the njRAT remote access trojan that allows hackers to gain control over a computer. NPM is a JavaScript package manager that allows ...
The Hacker News

Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems

Cline CLI 2.3.0 was published with a stolen npm token, installing OpenClaw in an 8-hour attack affecting ~4,000 downloads.
ZDNet

Microsoft buys JavaScript developer platform npm; plans to integrate it with GitHub

Microsoft is acquiring Node package manager npm Inc., officials announced on March 16. (Neither company is sharing the purchase price.) Microsoft plans to integrate GitHub with npm with the intent of ...