npm

Where did these mysterious PrismJS npm versions come from?

Shedding light on mysterious 9000.0.x versions of PrismJS that had left everyone puzzled in 2015, and weren't removed until 2019.

4 years ago

Grayhat pollutes npm, PyPI with thousands of fake supply chain dependencies

A gray hat hacker has published over 7,000 dependency confusion packages to npm and PyPI repositories, and continues to post…

4 years ago

DoS flaw lets attackers crash NodeJS apps via DNS lookups

NodeJS has released fixes for CVE-2020-8277, a DoS vulnerability that could be triggered via DNS requests.

4 years ago

‘CursedGrabber’ Discord malware possibly linked to Russian and Ukrainian hackers

Newly discovered Discord malware "CursedGrabber" has possible links to Russia and Ukraine. It was found infiltrating the npm open source…

4 years ago

NodeJS malware caught exfiltrating IPs, username, and device information on GitHub

Multiple NodeJS packages laden with malicious code have been spotted on npm registry. These "typosquatting" packages served no purpose other…

4 years ago

This website uses cookies.