The Hacker News

npm’s Update to Harden Their Supply Chain, and Points to Consider

First, people need to remember that the original attack on tools like ChalkJS was a successful MFA phishing attempt on npm’s ...
InfoWorld

Beyond NPM: What you need to know about JSR

Here's how the JavaScript Registry evolves makes building, sharing, and using JavaScript packages simpler and more secure ...
Linux Journal

Installing and Using Yarn on Ubuntu

Yarn is a powerful JavaScript package manager that is compatible with npm and helps automate the process of installing, updating, configuring, and removing npm packages. Yarn provides speed and ...
TheServerSide

The secret history behind the success of npm and Node

Community driven content discussing all aspects of software development from DevOps to design patterns. When JavaScript was first introduced, it was a programming toy that sort of worked, but worked ...
Infosecurity-magazine.com

New Campaigns Use Malicious npm Packages to Support Phishing Kits

Several malicious npm packages on the open-source repository have been used in supply chain attacks and phishing campaigns. The claims come from ReversingLabs researchers, who said in a blog post ...
Threat Post

Attackers Use Typo-Squatting To Steal npm Credentials

Criminals used a typo-squatting technique and uploaded rogue JavaScript libraries to a popular code repository npm. Hackers seeking developer credentials used typo-squatting to spread malicious code ...