▲
1038
Shai-Hulud Returns: Over 300 NPM Packages Infected
(helixguard.ai)
by mrdosija |
view
|
775 comments
▲
420
GitLab discovers widespread NPM supply chain attack
(about.gitlab.com)
by OuterVale |
view
|
258 comments
▲
90
Show HN: Safe-NPM – only install packages that are +90 days old
(github.com)
by kevinslin |
view
|
64 comments
▲
66
NPMX – a fast, modern browser for the NPM registry
(npmx.dev)
by slymax |
view
|
36 comments
▲
38
Posthog NPM packages are compromised
(twitter.com)
by h1fra |
view
|
1 comments
▲
16
Safe Chain: Stopping Malicious NPM Packages Before They Wreck Your Project
(aikido.dev)
by nailer |
view
|
2 comments
▲
11
Show HN: MCP Traffic Analyze with NPM
(npmjs.com)
by o4isec |
view
|
0 comments
▲
11
Malware in PostHog NPM packages
by roskoalexey |
view
|
9 comments
▲
10
The GitHub Infrastructure Powering North Korea's Contagious Interview NPM Attack
(socket.dev)
by giuliomagnifico |
view
|
1 comments
▲
8
Building an NPM Worm (2016)
(contolini.com)
by christophetd |
view
|
0 comments
▲
8
Moving Beyond the NPM Elliptic Package
(soatok.blog)
by woodruffw |
view
|
1 comments
▲
7
Crims Poison 150K+ NPM Packages with Token-Farming Malware
(theregister.com)
by jruohonen |
view
|
1 comments
▲
6
Show HN: Auto-Unpublish NPM Packages Published Outside CI
(github.com)
by ethanblackburn |
view
|
2 comments
▲
5
Hackers Use Npmscan.com to Hack Web Apps (Next.js, Nuxt.js, React, Bun)
(audits.blockhacks.io)
by block_hacks |
view
|
1 comments
▲
5
Malicious Bun Script Found in NPM Package Bumps
by kothariji |
view
|
1 comments
▲
4
The Shai-Hulud 2.0 npm worm: analysis, and what you need to know
(securitylabs.datadoghq.com)
by saikatsg |
view
|
2 comments
▲
4
SHA1-Hulud – The Second Coming: Over 1k NPM Packages Compromised
(koi.ai)
by amitassaraf |
view
|
1 comments
▲
3
Releasing Packages with a Valet Key: NPM, PyPI, and Beyond
(byk.im)
by coloneltcb |
view
|
0 comments
▲
3
SHA1-Hulud, NPM supply chain incident
(snyk.io)
by tsenturk |
view
|
0 comments
▲
3
Shai-Hulud Strikes Again, Again. (NPM Supply Chain Attack)
(socket.dev)
by pvtmert |
view
|
1 comments
▲
3
NPM install Vite is broken
(github.com)
by nvader |
view
|
0 comments
▲
3
StackTCO – find the right NPM packages for your framework
(stacktco.com)
by matwiemann |
view
|
0 comments
▲
3
Show HN: [npm] Recreation of YouTube's "ambient glow" effect
(npmjs.com)
by JSXJedi |
view
|
1 comments
▲
2
Tell HN: npm download stats are broken
by dudewhocodes |
view
|
0 comments
▲
2
Shai-Hulud-Style NPM Worm Hijacks CI Workflows and Poisons AI Toolchains
(socket.dev)
by jicea |
view
|
0 comments
▲
2
Show HN: tpmjs - npm for ai sdk tools
(tpmjs.com)
by thomasfromcdnjs |
view
|
1 comments
▲
2
Show HN: MCP for finding the better NPM dependencies
(web-production-0200a.up.railway.app)
by jsafaiyeh |
view
|
0 comments
▲
2
The GitHub Infrastructure Powering North Korea's Contagious Interview NPM
(socket.dev)
by feross |
view
|
0 comments
▲
2
Big attack on NPM – Shai-Hulud 2.0
(about.gitlab.com)
by thomasfl |
view
|
3 comments
▲
2
GitLab discovers widespread NPM supply chain attack
(about.gitlab.com)
by soheilpro |
view
|
1 comments
▲
2
Shai-Hulud malware infects 500 NPM packages, leaks secrets on GitHub
(bleepingcomputer.com)
by speckx |
view
|
1 comments
▲
2
Moving Beyond the NPM Elliptic Package
(soatok.blog)
by zdw |
view
|
0 comments
▲
2
Automated NPM secret rotation in GitHub Actions
(michaelheap.com)
by mooreds |
view
|
0 comments
▲
2
Analyzing a NPM Spam Campaign: The Great Indonesian Tea Theft
(endorlabs.com)
by ChrisArchitect |
view
|
0 comments
▲
2
Next.js 16's Turbopack breaks NPM link
(steveharrison.dev)
by steveharrison |
view
|
0 comments
▲
1
Xkcd: NPM Edition
(43081j.com)
by patrikcsak |
view
|
0 comments
▲
1
Show HN: Sniffmail – Email verification API, one NPM install, catch fake-signups
(sniffmail.io)
by dayoola |
view
|
0 comments
▲
1
npmx: a fast, modern browser for the npm registry
(npmx.dev)
by OuterVale |
view
|
0 comments
▲
1
Npmx: a fast, modern browser for the NPM registry
(npmx.dev)
by todsacerdoti |
view
|
0 comments
▲
1
Show HN: license checker for npm projects
(github.com)
by chrillemn |
view
|
0 comments
▲
1
Claude Code NPM downloads up and50% in recent weeks
(npm-stat.com)
by gavinray |
view
|
0 comments
▲
1
MCP Servers Are the New NPM Packages
(grith.ai)
by edf13 |
view
|
0 comments
▲
1
Malicious NPM Packages Use Pastebin Steganography to Deploy Credential Stealer
(socket.dev)
by feross |
view
|
0 comments
▲
1
npm i chat – One codebase, every chat platform
(vercel.com)
by MaxLeiter |
view
|
0 comments
▲
1
NPM install is stealing your passwords – I built a tool to catch it
(westbayberry.com)
by ComCat |
view
|
1 comments
▲
1
Show HN: Sourced – Grep any PyPI/NPM package's source code via MCP
(github.com)
by justsomeguy1996 |
view
|
1 comments
▲
1
Show HN: Sourced – Read and grep the source of any PyPI/NPM package via MCP
(github.com)
by justsomeguy1996 |
view
|
0 comments
▲
1
Behavioral NPM malware detection without CVEs
(westbayberry.com)
by ComCat |
view
|
1 comments
▲
1
Step by Step Analysis of Malicious NPM Package
(safedep.io)
by abhisek |
view
|
0 comments
▲
1
Shai-Hulud-Style NPM Worm Hijacks CI Workflows and Poisons AI Toolchains
(socket.dev)
by feross |
view
|
0 comments