InfoWorld

Beyond NPM: What you need to know about JSR

Here's how the JavaScript Registry evolves makes building, sharing, and using JavaScript packages simpler and more secure ...
Bleeping Computer

Malicious Rspack, Vant packages published using stolen NPM tokens

Three popular npm packages, @rspack/core, @rspack/cli, and Vant, were compromised through stolen npm account tokens, allowing threat actors to publish malicious versions that installed cryptominers.
TechRadar

North Korean hackers are using malicious npm packages to target developers

North Korean state-sponsored threat actors were observed pushing malicious packages into the npm registry, in an attempt to infiltrate endpoints belonging to software developers. This time around, ...
CSOonline

Malicious npm packages use Ethereum blockchain for malware delivery

Ethereum smart contracts used to hide URL to secondary malware payloads in an attack chain triggered by a malicious GitHub repo. Attackers behind a recent supply chain attack that involved rogue ...
TechRadar

Malicious npm packages use devious backdoors to target users

Security researchers from Reversing Labs find two malicious packages on npm These serve as downloaders and target software developers building on the Ethereum blockchain The malware opens a reverse ...