Hacker News with Generative AI: NPM

Quasar Rat Disguised as an NPM Package for Detecting Vulnerabilities in Ethereum (socket.dev)
Socket’s threat research team has discovered a malicious npm package, ethereumvulncontracthandler, which is posing as a tool for detecting vulnerabilities in Ethereum smart contracts but instead deploys Quasar RAT, a versatile remote access trojan, onto developers’ machines.

Cybersecurity, Ethereum, Malware, NPM

4 points by feross 28 days ago | 0 comments

70% of new NPM packages in last 6 months were spam (phylum.io)

NPM, Security, Spam, Software

225 points by louislang 164 days ago | 111 comments

Unverified NPM Account Takeover Vulnerability for Sale on Dark Web Forum (socket.dev)

Cybersecurity, Software Security, Dark Web, NPM, Vulnerability

53 points by feross 196 days ago | 4 comments

Show HN: Resource Index – FOSS Git Repository and NPM Package Index (hkit.cc)

Open Source, Git, NPM, Software, Resources

14 points by aabbcc1241 233 days ago | 4 comments

NPM package is-even has over 140k weekly downloads (npmjs.com)

NPM, JavaScript, Software, Popularity

47 points by r_singh 250 days ago | 74 comments