Two malicious NPM packages posing as WhatsApp development tools have been discovered deploying destructive data-wiping code ...

Attackers used 11 Go and 2 npm packages to spread malware across platforms, putting open-source developers at risk.

Kodane code was either machine-generated or done by a teenager An NPM package packed with cryptocurrency-stealing malware ...

Experts have warned that ‘is’, an npm package with more than 2.8 million weekly downloads, was also compromised in the same manner, and served malware for roughly six hours.

The popular npm package "is" was infected with cross-platform malware, around the same time that linting utility packages used with the prettier code formatter were infected with Windows-only malware.

Several popular npm packages with millions of weekly downloads were targeted, and one used as a launchpad for malware deployment, when its maintainer fell prey to a phishing attack.

Deno Land recently released Deno 2.3, an update of the Deno runtime that adds support for local NPM packages. Deno 2.3 also brings improvements to deno compile.

Malicious code in two NPM packages for Express applications would wipe out entire app directories when triggered with the right credentials, cybersecurity firm Socket reports. Express-api-sync ...

Malware & Threats Ongoing Campaign Uses 60 NPM Packages to Steal Data Security firm Socket warns flags a campaign targeting NPM users with tens of malicious packages that can hijack system information ...