▲
1038
Shai-Hulud Returns: Over 300 NPM Packages Infected
(helixguard.ai)
by mrdosija |
view
|
775 comments
▲
420
GitLab discovers widespread NPM supply chain attack
(about.gitlab.com)
by OuterVale |
view
|
258 comments
▲
90
Show HN: Safe-NPM – only install packages that are +90 days old
(github.com)
by kevinslin |
view
|
64 comments
▲
66
NPMX – a fast, modern browser for the NPM registry
(npmx.dev)
by slymax |
view
|
36 comments
▲
38
Posthog NPM packages are compromised
(twitter.com)
by h1fra |
view
|
1 comments
▲
16
Safe Chain: Stopping Malicious NPM Packages Before They Wreck Your Project
(aikido.dev)
by nailer |
view
|
2 comments
▲
11
Show HN: MCP Traffic Analyze with NPM
(npmjs.com)
by o4isec |
view
|
0 comments
▲
11
Malware in PostHog NPM packages
by roskoalexey |
view
|
9 comments
▲
10
The GitHub Infrastructure Powering North Korea's Contagious Interview NPM Attack
(socket.dev)
by giuliomagnifico |
view
|
1 comments
▲
8
Building an NPM Worm (2016)
(contolini.com)
by christophetd |
view
|
0 comments
▲
8
Moving Beyond the NPM Elliptic Package
(soatok.blog)
by woodruffw |
view
|
1 comments
▲
7
Crims Poison 150K+ NPM Packages with Token-Farming Malware
(theregister.com)
by jruohonen |
view
|
1 comments
▲
6
Show HN: Auto-Unpublish NPM Packages Published Outside CI
(github.com)
by ethanblackburn |
view
|
2 comments
▲
5
Hackers Use Npmscan.com to Hack Web Apps (Next.js, Nuxt.js, React, Bun)
(audits.blockhacks.io)
by block_hacks |
view
|
1 comments
▲
5
Malicious Bun Script Found in NPM Package Bumps
by kothariji |
view
|
1 comments
▲
4
Malicious NPM Packages Found in React Native – 130K+ Monthly Downloads Hit
(stepsecurity.io)
by likhith190 |
view
|
0 comments
▲
4
The Shai-Hulud 2.0 npm worm: analysis, and what you need to know
(securitylabs.datadoghq.com)
by saikatsg |
view
|
2 comments
▲
4
SHA1-Hulud – The Second Coming: Over 1k NPM Packages Compromised
(koi.ai)
by amitassaraf |
view
|
1 comments
▲
3
Bitwarden CLI NPM package has been compromised
(opensourcemalware.com)
by 6mile |
view
|
1 comments
▲
3
Releasing Packages with a Valet Key: NPM, PyPI, and Beyond
(byk.im)
by coloneltcb |
view
|
0 comments
▲
3
SHA1-Hulud, NPM supply chain incident
(snyk.io)
by tsenturk |
view
|
0 comments
▲
3
Shai-Hulud Strikes Again, Again. (NPM Supply Chain Attack)
(socket.dev)
by pvtmert |
view
|
1 comments
▲
3
NPM install Vite is broken
(github.com)
by nvader |
view
|
0 comments
▲
3
StackTCO – find the right NPM packages for your framework
(stacktco.com)
by matwiemann |
view
|
0 comments
▲
3
Show HN: [npm] Recreation of YouTube's "ambient glow" effect
(npmjs.com)
by JSXJedi |
view
|
1 comments
▲
2
Ongoing NPM supply chain attack uses binding.gyp to spread like a worm
(github.com)
by varunsharma07 |
view
|
0 comments
▲
2
NPM staged publishing setup with approximately one click per package
(lavamoat.github.io)
by naugtur |
view
|
0 comments
▲
2
Orbit – Route every AI query to the right model automatically (NPM SDK)
(orbitai.gtll.app)
by gabrielsmartin |
view
|
0 comments
▲
2
OpenAI caught NPM supply chain chaos after employee devices compromised
(theregister.com)
by Timofeibu |
view
|
0 comments
▲
2
Postmortem: TanStack NPM supply-chain compromise
(tanstack.com)
by carlos-menezes |
view
|
0 comments
▲
2
TanStack NPM Packages Compromised
(github.com)
by varunsharma07 |
view
|
0 comments
▲
2
AI-powered NPM deprecation tracker with dependency tree Ghost Detection
(stackgraveyard.dev)
by tlseternal |
view
|
0 comments
▲
2
Axios Compromised on NPM – Malicious Versions Drop Remote Access Trojan
(stepsecurity.io)
by mtud |
view
|
1 comments
▲
2
Tell HN: npm download stats are broken
by dudewhocodes |
view
|
0 comments
▲
2
Shai-Hulud-Style NPM Worm Hijacks CI Workflows and Poisons AI Toolchains
(socket.dev)
by jicea |
view
|
0 comments
▲
2
Show HN: tpmjs - npm for ai sdk tools
(tpmjs.com)
by thomasfromcdnjs |
view
|
1 comments
▲
2
Show HN: MCP for finding the better NPM dependencies
(web-production-0200a.up.railway.app)
by jsafaiyeh |
view
|
0 comments
▲
2
The GitHub Infrastructure Powering North Korea's Contagious Interview NPM
(socket.dev)
by feross |
view
|
0 comments
▲
2
Big attack on NPM – Shai-Hulud 2.0
(about.gitlab.com)
by thomasfl |
view
|
3 comments
▲
2
GitLab discovers widespread NPM supply chain attack
(about.gitlab.com)
by soheilpro |
view
|
1 comments
▲
2
Shai-Hulud malware infects 500 NPM packages, leaks secrets on GitHub
(bleepingcomputer.com)
by speckx |
view
|
1 comments
▲
2
Moving Beyond the NPM Elliptic Package
(soatok.blog)
by zdw |
view
|
0 comments
▲
2
Automated NPM secret rotation in GitHub Actions
(michaelheap.com)
by mooreds |
view
|
0 comments
▲
2
Analyzing a NPM Spam Campaign: The Great Indonesian Tea Theft
(endorlabs.com)
by ChrisArchitect |
view
|
0 comments
▲
2
Next.js 16's Turbopack breaks NPM link
(steveharrison.dev)
by steveharrison |
view
|
0 comments
▲
1
Upcoming breaking changes for NPM v12
(github.blog)
by plasma |
view
|
0 comments
▲
1
NPM-Scan v1.4.1: Detecting IronWorm, Miasma Escalated, and Dependency Confusion
(npmjs.com)
by lateos-ai |
view
|
0 comments
▲
1
NPM-Scan: Detecting Six Major NPM Supply Chain Campaigns (June 2026)
(npmjs.com)
by lateos-ai |
view
|
0 comments
▲
1
Lateos/NPM-scan v1.2.0: Detecting Native Addon Malware (node-gyp Abuse)
(github.com)
by lateos-ai |
view
|
1 comments
▲
1
New IronWorm malware hits 36 packages in NPM supply-chain attack
(bleepingcomputer.com)
by yogthos |
view
|
0 comments