12 stories tagged with #npm, in publish-time order across the WeSearch catalog. Tag pages update as new stories ingest.
The never-ending supply chain attacks worm into SAP npm packages, other dev tools
Mini Shai-Hulud caught spreading credential-stealing malware. The wave of supply chain attacks aimed at security and developer tools has washed up more victims, namely SAP and Inter…
Ruby Gems and Go Modules Impersonate Dev Tools to Steal Secrets and Poison CI
GitHub account BufferZoneCorp published sleeper packages that later added credential theft, GitHub Actions tampering, fake go wrappers, and SSH persis...…
Intercom-client NPM package and lightning PyPI packages compromised
TeamPCP has delivered another software supply chain attack that they are calling mini shai-hulud. This campaign borrows its best trick from North Korean campaigns like PolinRider a…
3 pnpm Settings to Protect Yourself from Supply Chain Attacks
Official SAP NPM packages compromised to steal credentials
Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal credentials and authentication tokens from developers' systems.…
How I Structured a TypeScript Monorepo with pnpm Workspaces
When spectr-ai started as a single package, everything lived in one directory: the CLI engine, the...…
Official SAP npm packages compromised to steal credentials
docker buildx finally cached my npm install properly
I built OWASP-style security skill packs for LLM apps (NPM install)
https://www.npmjs.com/ Is Down
NPM Website Is Down
Welcome to npm's home for real-time and historical data on system performance.…