▲ 1038 | Shai-Hulud Returns: Over 300 NPM Packages Infected (helixguard.ai) | by mrdosija | 775 comments
▲ 420 | GitLab discovers widespread NPM supply chain attack (about.gitlab.com) | by OuterVale | 258 comments
▲ 90 | Show HN: Safe-NPM – only install packages that are +90 days old (github.com) | by kevinslin | 64 comments
▲ 66 | NPMX – a fast, modern browser for the NPM registry (npmx.dev) | by slymax | 36 comments
▲ 38 | Posthog NPM packages are compromised (twitter.com) | by h1fra | 1 comment
▲ 16 | Safe Chain: Stopping Malicious NPM Packages Before They Wreck Your Project (aikido.dev) | by nailer | 2 comments
▲ 11 | Show HN: MCP Traffic Analyze with NPM (npmjs.com) | by o4isec | 0 comments
▲ 11 | Malware in PostHog NPM packages | by roskoalexey | 9 comments
▲ 10 | The GitHub Infrastructure Powering North Korea's Contagious Interview NPM Attack (socket.dev) | by giuliomagnifico | 1 comment
▲ 8 | Building an NPM Worm (2016) (contolini.com) | by christophetd | 0 comments
▲ 8 | Moving Beyond the NPM Elliptic Package (soatok.blog) | by woodruffw | 1 comment
▲ 7 | Crims Poison 150K+ NPM Packages with Token-Farming Malware (theregister.com) | by jruohonen | 1 comment
▲ 6 | Show HN: Auto-Unpublish NPM Packages Published Outside CI (github.com) | by ethanblackburn | 2 comments
▲ 5 | Hackers Use Npmscan.com to Hack Web Apps (Next.js, Nuxt.js, React, Bun) (audits.blockhacks.io) | by block_hacks | 1 comment
▲ 5 | Malicious Bun Script Found in NPM Package Bumps | by kothariji | 1 comment
▲ 4 | Malicious NPM Packages Found in React Native – 130K+ Monthly Downloads Hit (stepsecurity.io) | by likhith190 | 0 comments
▲ 4 | The Shai-Hulud 2.0 npm worm: analysis, and what you need to know (securitylabs.datadoghq.com) | by saikatsg | 2 comments
▲ 4 | SHA1-Hulud – The Second Coming: Over 1k NPM Packages Compromised (koi.ai) | by amitassaraf | 1 comment
▲ 3 | Bitwarden CLI NPM package has been compromised (opensourcemalware.com) | by 6mile | 1 comment
▲ 3 | Releasing Packages with a Valet Key: NPM, PyPI, and Beyond (byk.im) | by coloneltcb | 0 comments
▲ 3 | SHA1-Hulud, NPM supply chain incident (snyk.io) | by tsenturk | 0 comments
▲ 3 | Shai-Hulud Strikes Again, Again. (NPM Supply Chain Attack) (socket.dev) | by pvtmert | 1 comment
▲ 3 | NPM install Vite is broken (github.com) | by nvader | 0 comments
▲ 3 | StackTCO – find the right NPM packages for your framework (stacktco.com) | by matwiemann | 0 comments
▲ 3 | Show HN: [npm] Recreation of YouTube's "ambient glow" effect (npmjs.com) | by JSXJedi | 1 comment
▲ 2 | Axios Compromised on NPM – Malicious Versions Drop Remote Access Trojan (stepsecurity.io) | by mtud | 1 comment
▲ 2 | Tell HN: npm download stats are broken | by dudewhocodes | 0 comments
▲ 2 | Shai-Hulud-Style NPM Worm Hijacks CI Workflows and Poisons AI Toolchains (socket.dev) | by jicea | 0 comments
▲ 2 | Show HN: tpmjs - npm for ai sdk tools (tpmjs.com) | by thomasfromcdnjs | 1 comment
▲ 2 | Show HN: MCP for finding the better NPM dependencies (web-production-0200a.up.railway.app) | by jsafaiyeh | 0 comments
▲ 2 | The GitHub Infrastructure Powering North Korea's Contagious Interview NPM (socket.dev) | by feross | 0 comments
▲ 2 | Big attack on NPM – Shai-Hulud 2.0 (about.gitlab.com) | by thomasfl | 3 comments
▲ 2 | GitLab discovers widespread NPM supply chain attack (about.gitlab.com) | by soheilpro | 1 comment
▲ 2 | Shai-Hulud malware infects 500 NPM packages, leaks secrets on GitHub (bleepingcomputer.com) | by speckx | 1 comment
▲ 2 | Moving Beyond the NPM Elliptic Package (soatok.blog) | by zdw | 0 comments
▲ 2 | Automated NPM secret rotation in GitHub Actions (michaelheap.com) | by mooreds | 0 comments
▲ 2 | Analyzing a NPM Spam Campaign: The Great Indonesian Tea Theft (endorlabs.com) | by ChrisArchitect | 0 comments
▲ 2 | Next.js 16's Turbopack breaks NPM link (steveharrison.dev) | by steveharrison | 0 comments
▲ 1 | NPM Slop and Wonky Software Supply Chains (simonramstedt.com) | by rmst | 0 comments
▲ 1 | TeamPCP Campaign Spreads to NPM via a Hijacked Bitwarden CLI (research.jfrog.com) | by thefreeman | 0 comments
▲ 1 | Another NPM supply chain worm is tearing through dev environments (theregister.com) | by omer_k | 0 comments
▲ 1 | GPT-Proxy Backdoor in NPM and PyPI Turns Servers into Chinese LLM Relays (aikido.dev) | by lschueller | 0 comments
▲ 1 | Features everyone should steal from npmx (nesbitt.io) | by speckx | 0 comments
▲ 1 | pnpm v11 is almost here (twitter.com) | by bpierre | 0 comments
▲ 1 | Show HN: A tiny macOS app that clears app caches and NPM/Docker/Xcode junk (apps.apple.com) | by chernikovalexey | 0 comments
▲ 1 | NPM retires audit endpoint; breaks pnpm (github.com) | by troad | 0 comments
▲ 1 | Context-pnpm – Score TypeScript monorepo files by AI context waste (notion.so) | by kondvik | 0 comments
▲ 1 | Show HN: SafeInstall – local install-time guardrails for NPM/pnpm/bun (safeinstall.dev) | by MichaelLabitzke | 0 comments
▲ 1 | Show HN: Depsly – a CLI to see the dependency impact of NPM packages (github.com) | by cyborg933 | 0 comments
▲ 1 | Fairwords NPM packages compromised by credential worm stealing tokens and (safedep.io) | by birdculture | 0 comments