▲
1038
Shai-Hulud Returns: Over 300 NPM Packages Infected
(helixguard.ai)
by mrdosija |
view
|
775 comments
▲
420
GitLab discovers widespread NPM supply chain attack
(about.gitlab.com)
by OuterVale |
view
|
258 comments
▲
90
Show HN: Safe-NPM – only install packages that are +90 days old
(github.com)
by kevinslin |
view
|
64 comments
▲
66
NPMX – a fast, modern browser for the NPM registry
(npmx.dev)
by slymax |
view
|
36 comments
▲
38
Posthog NPM packages are compromised
(twitter.com)
by h1fra |
view
|
1 comment
▲
16
Safe Chain: Stopping Malicious NPM Packages Before They Wreck Your Project
(aikido.dev)
by nailer |
view
|
2 comments
▲
11
Show HN: MCP Traffic Analyze with NPM
(npmjs.com)
by o4isec |
view
|
0 comments
▲
11
Malware in PostHog NPM packages
by roskoalexey |
view
|
9 comments
▲
10
The GitHub Infrastructure Powering North Korea's Contagious Interview NPM Attack
(socket.dev)
by giuliomagnifico |
view
|
1 comment
▲
8
Building an NPM Worm (2016)
(contolini.com)
by christophetd |
view
|
0 comments
▲
8
Moving Beyond the NPM Elliptic Package
(soatok.blog)
by woodruffw |
view
|
1 comment
▲
7
Crims Poison 150K+ NPM Packages with Token-Farming Malware
(theregister.com)
by jruohonen |
view
|
1 comment
▲
6
Show HN: Auto-Unpublish NPM Packages Published Outside CI
(github.com)
by ethanblackburn |
view
|
2 comments
▲
5
Hackers Use Npmscan.com to Hack Web Apps (Next.js, Nuxt.js, React, Bun)
(audits.blockhacks.io)
by block_hacks |
view
|
1 comment
▲
5
Malicious Bun Script Found in NPM Package Bumps
by kothariji |
view
|
1 comment
▲
4
Malicious NPM Packages Found in React Native – 130K+ Monthly Downloads Hit
(stepsecurity.io)
by likhith190 |
view
|
0 comments
▲
4
The Shai-Hulud 2.0 npm worm: analysis, and what you need to know
(securitylabs.datadoghq.com)
by saikatsg |
view
|
2 comments
▲
4
SHA1-Hulud – The Second Coming: Over 1k NPM Packages Compromised
(koi.ai)
by amitassaraf |
view
|
1 comment
▲
3
Releasing Packages with a Valet Key: NPM, PyPI, and Beyond
(byk.im)
by coloneltcb |
view
|
0 comments
▲
3
SHA1-Hulud, NPM supply chain incident
(snyk.io)
by tsenturk |
view
|
0 comments
▲
3
Shai-Hulud Strikes Again, Again. (NPM Supply Chain Attack)
(socket.dev)
by pvtmert |
view
|
1 comment
▲
3
NPM install Vite is broken
(github.com)
by nvader |
view
|
0 comments
▲
3
StackTCO – find the right NPM packages for your framework
(stacktco.com)
by matwiemann |
view
|
0 comments
▲
3
Show HN: [npm] Recreation of YouTube's "ambient glow" effect
(npmjs.com)
by JSXJedi |
view
|
1 comment
▲
2
Tell HN: npm download stats are broken
by dudewhocodes |
view
|
0 comments
▲
2
Shai-Hulud-Style NPM Worm Hijacks CI Workflows and Poisons AI Toolchains
(socket.dev)
by jicea |
view
|
0 comments
▲
2
Show HN: tpmjs - npm for ai sdk tools
(tpmjs.com)
by thomasfromcdnjs |
view
|
1 comment
▲
2
Show HN: MCP for finding the better NPM dependencies
(web-production-0200a.up.railway.app)
by jsafaiyeh |
view
|
0 comments
▲
2
The GitHub Infrastructure Powering North Korea's Contagious Interview NPM
(socket.dev)
by feross |
view
|
0 comments
▲
2
Big attack on NPM – Shai-Hulud 2.0
(about.gitlab.com)
by thomasfl |
view
|
3 comments
▲
2
GitLab discovers widespread NPM supply chain attack
(about.gitlab.com)
by soheilpro |
view
|
1 comment
▲
2
Shai-Hulud malware infects 500 NPM packages, leaks secrets on GitHub
(bleepingcomputer.com)
by speckx |
view
|
1 comment
▲
2
Moving Beyond the NPM Elliptic Package
(soatok.blog)
by zdw |
view
|
0 comments
▲
2
Automated NPM secret rotation in GitHub Actions
(michaelheap.com)
by mooreds |
view
|
0 comments
▲
2
Analyzing a NPM Spam Campaign: The Great Indonesian Tea Theft
(endorlabs.com)
by ChrisArchitect |
view
|
0 comments
▲
2
Next.js 16's Turbopack breaks NPM link
(steveharrison.dev)
by steveharrison |
view
|
0 comments
▲
1
Depguard MCP – Audit NPM packages for security, maintenance and licenses
(github.com)
by kka |
view
|
0 comments
▲
1
ESM>CDN: A fast, Deno-friendly CDN for a world without 'NPM install
(esm.sh)
by kinderjaje |
view
|
0 comments
▲
1
Show HN: Search 7,500 MCP servers across NPM, PyPI, and the official registry
(api.rhdxm.com)
by c5huracan |
view
|
0 comments
▲
1
Simple-Git NPM package has CVSS 9.8 RCE; 5M+ weekly downloads–check lockfiles
(codeant.ai)
by birdculture |
view
|
0 comments
▲
1
We built NPM for agent knowledge – Context Packs on Armalo (update)
(armalo.ai)
by ArmaloAI |
view
|
1 comment
▲
1
Regxa – query NPM, PyPI, crates.io, RubyGems, Packagist from one TypeScript call
(github.com)
by oritwoen |
view
|
1 comment
▲
1
Show HN: Llmpm – NPM for LLMs
(llmpm.co)
by sarthaksaxena |
view
|
0 comments
▲
1
Show HN: Llmpm – NPM for LLMs
(llmpm.co)
by sarthaksaxena |
view
|
0 comments
▲
1
Just crossed 2k NPM downloads and shipped the biggest Cognetivy upgrade yet
(cognetivy.com)
by meitarbe |
view
|
1 comment
▲
1
NPM CLI for Azure DevOps Boards with AI Support
(npmjs.com)
by skhell |
view
|
0 comments
▲
1
Supporting the Npmx Alpha Launch
(atproto.com)
by doener |
view
|
0 comments
▲
1
NPM audit passes malicious packages with no CVE
(westbayberry.com)
by ComCat |
view
|
1 comment
▲
1
Malicious NPM package pino-SDK-v2 exfiltrates .env secrets to Discord
by Sudhanshu2310 |
view
|
0 comments
▲
1
Show HN: Aidevshield NPM audit for AI coding tool workflows
(github.com)
by GrimLabs |
view
|
0 comments