World’s Largest Supply Chain Cyber Attack… And just 5 Cents Stolen?
You probably saw the headlines: the world’s largest npm supply chain attack, chalk and debug-js packages with BILLIONS of downloads...
In 2015, strange 9000.0.x versions of PrismJS appeared on npm downloads, and nobody had a clue where they came from,...
This week, the NodeJS project released fixes for a DoS vulnerability, CVE-2020-8277, that could be triggered via DNS requests. An...
A new family of Discord malware has been spotted by Sonatype this week. Known as CursedGrabber, multiple strands of this...
Multiple NodeJS packages laden with malicious code have been spotted on the npm registry. These "typosquatting" packages served no purpose other...
More than 20,000 GitHub projects rely on the Node.js standard-version utility to implement semantic versioning (semver) and for generating CHANGELOG...