NodeSource’s Certified Modules service, intended to ensure the safety of NPM modules, becomes generally available on Thursday. Previously available only in a private beta stage, the service for ...
The node-ipc developer attempt to protest Russia's attack on Ukraine has the unintended consequence of casting more doubt in software supply chain integrity. The developer of a popular JavaScript ...
Russia's invasion of Ukraine has spilt over into developer-space, with a well-known npm maintainer adding "protestware" as a dependency to a very popular package. Security vendor Snyk is tracking what ...
In the latest software supply-chain attack, the code maintainer added malicious code to the hugely popular node-ipc library to replace files with a heart emoji and a peacenotwar module. The developer ...
Threat actors compromised AsyncAPI packages and weaponized trusted CI/CD workflows to distribute malware through npm. This ...
Malicious packages on the Node Package Manager (npm) and the Python Package Index (PyPI) delivered stealer malware to ...