The Hacker News

npm’s Update to Harden Their Supply Chain, and Points to Consider

In short, npm has taken an important step forward by eliminating permanent tokens and improving defaults. Until short-lived, ...
Bleeping Computer

Compromised JavaScript Package Caught Stealing npm Credentials

A hacker has gained access to a developer's npm account and injected malicious code into a popular JavaScript library, code that was designed to steal the npm credentials of users who utilize the ...
Threat Post

Attackers Use Typo-Squatting To Steal npm Credentials

Criminals used a typo-squatting technique and uploaded rogue JavaScript libraries to a popular code repository npm. Hackers seeking developer credentials used typo-squatting to spread malicious code ...
TechRadar

Dangerous npm packages are targeting developer credentials on Windows, Linux and Mac - here's what we know

Ten typosquatted npm packages delivered infostealing malware to nearly 10,000 systems Malware targeted system keyrings, bypassing app-level security to steal decrypted credentials Affected users must ...