npm tackles its riskiest security issues

With npm v12, GitHub closes a central attack vector: installation scripts from dependencies will only run after explicit ...

Red Hat hit by npm supply‑chain attack - here's how to stay safe

Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its ...
Threat Post

Microsoft Azure Developers Awash in PII-Stealing npm Packages

A large-scale, automated typosquatting attack saw 200+ malicious packages flood the npm code repository, targeting popular Azure scopes. Researchers have found hundreds of malicious packages in the ...