InfoWorld

NPM 2.0 courts enterprises with Node.js module management

NPM, the standard package manager used with Node.js, enjoyed a 2.0 release this past week. Outfitted with new features and fixes, its release process has also been revised to satisfy both those who ...
TechCrunch

Popular JavaScript Package Manager Npm Raises $8M, Launches Private Modules

Most JavaScript developers are familiar with the npm package manager, which was originally developed by Isaac Schlueter. What many probably don’t know is that npm is also a company co-founded by ...
CSOonline

Developer sabotages own npm module prompting open-source supply chain security questions

The node-ipc developer attempt to protest Russia's attack on Ukraine has the unintended consequence of casting more doubt in software supply chain integrity. The developer of a popular JavaScript ...
Bleeping Computer

Compromised JavaScript Package Caught Stealing npm Credentials

A hacker has gained access to a developer's npm account and injected malicious code into a popular JavaScript library, code that was designed to steal the npm credentials of users who utilize the ...
IT News For Australia Business

'Protestware' npm package dependency labelled supply-chain attack

Russia's invasion of Ukraine has spilt over into developer-space, with a well-known npm maintainer adding "protestware" as a dependency to a very popular package. Security vendor Snyk is tracking what ...
Bleeping Computer

NPM supply-chain attack impacts hundreds of websites and apps

An NPM supply-chain attack dating back to December 2021 used dozens of malicious NPM modules containing obfuscated Javascript code to compromise hundreds of downstream desktop apps and websites. As ...
adtmag.com

npm Naming Squabble Breaks Thousands of JavaScript Builds

You know that sickening feeling when you're happily coding along and all of the sudden your project won't build and you just can't figure out why? That can lead to hours of nerve-wracking, ...