CSOonline

Developer sabotages own npm module prompting open-source supply chain security questions

The node-ipc developer attempt to protest Russia's attack on Ukraine has the unintended consequence of casting more doubt in software supply chain integrity. The developer of a popular JavaScript ...
InfoWorld

Deno stabilizes NPM compatibility

With Deno 1.28, developers now can import more than 1.3 million NPM modules, as well as run NPM scripts and CLIs and execute NPM packages with subcommands. NPM compatibility in the Deno ...
IT News For Australia Business

'Protestware' npm package dependency labelled supply-chain attack

Russia's invasion of Ukraine has spilt over into developer-space, with a well-known npm maintainer adding "protestware" as a dependency to a very popular package. Security vendor Snyk is tracking what ...
InfoWorld

How one yanked JavaScript package wreaked havoc

When a developer 'unpublished' his work from the NPM JavaScript package registry, it broke dependencies for many other projects -- and highlighted the fragility of the open source ecosystem Developers ...
Ars Technica

Best nodejs REPL replacement module?

I've been slowly teaching myself nodejs and have gotten to the point where I've noticed some problems with the default REPL. Thing is, searching 'repl' on npmjs.com, returns 883 results. Googling for ...

5 ways to spot software supply chain attacks and stop worms - before it's too late

A Dune-inspired worm recently hit CrowdStrike and npm, infecting hundreds of packages. Here's what happened - and how to protect your code.
Hosted on MSN

Rampant emoji use suggests crypto-stealing NPM package was written by AI

An NPM package packed with cryptocurrency-stealing malware appears to have been largely AI-generated, as evidenced by its liberal use of emojis and other telltale signs.… Security shop Safety found ...