Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies

Koi security researchers found that when NPM installs a dependency from a Git repository, configuration files such as a ...
The Hacker News

CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution

A flaw in the binary-parser npm package before version 2.3.0 lets attackers execute arbitrary JavaScript via unsanitized parser input.
Bleeping Computer

Compromised JavaScript Package Caught Stealing npm Credentials

A hacker has gained access to a developer's npm account and injected malicious code into a popular JavaScript library, code that was designed to steal the npm credentials of users who utilize the ...
Dark Reading

Once Again, Malware Discovered Hidden in npm

Two code packages named "nodejs-encrypt-agent" in the popular npm JavaScript library and registry recently were discovered containing the open source information-stealing TurkoRat malware. Researchers ...
Business Wire

npm Announces 2019 Predictions for JavaScript

OAKLAND, Calif.--(BUSINESS WIRE)--npm, Inc., which runs the world’s largest software registry and maintains the ‘npm’ software development tool, today announced JavaScript predictions for 2019 and ...
ZDNet

Microsoft buys JavaScript developer platform npm; plans to integrate it with GitHub

Microsoft is acquiring Node package manager npm Inc., officials announced on March 16. (Neither company is sharing the purchase price.) Microsoft plans to integrate GitHub with npm with the intent of ...
Business Wire

npm, Inc. Launches npm Pro, New Tool for JavaScript Developers

OAKLAND, Calif.--(BUSINESS WIRE)--npm, Inc., the open source JavaScript developer tools provider and operator of the world’s largest software registry, today announced npm Pro, the first professional ...