Hacker News with Generative AI: NPM

Can't Install CamelCase and Decamelize (github.com/npm)
NPM is investigating: We are currently investigating reports of intermittent failures when viewing and installing packages scoped to certain keywords.

Software, Bug, NPM, Packages

10 points by baq 25 days ago | 1 comments

Lazarus Group deceives developers with 6 new malicious NPM packages (cyberscoop.com)
Lazarus Group has burrowed deeper into the npm registry and planted six new malicious packages designed to deceive software developers and disrupt their workflows, researchers at cybersecurity firm Socket said in a Monday blog post.

Cybersecurity, Software Development, Malware, North Korea, NPM

17 points by feross 42 days ago | 0 comments

Quasar Rat Disguised as an NPM Package for Detecting Vulnerabilities in Ethereum (socket.dev)
Socket’s threat research team has discovered a malicious npm package, ethereumvulncontracthandler, which is posing as a tool for detecting vulnerabilities in Ethereum smart contracts but instead deploys Quasar RAT, a versatile remote access trojan, onto developers’ machines.

Cybersecurity, Ethereum, Malware, NPM

4 points by feross 127 days ago | 0 comments

70% of new NPM packages in last 6 months were spam (phylum.io)

NPM, Security, Spam, Software

225 points by louislang 262 days ago | 111 comments

Unverified NPM Account Takeover Vulnerability for Sale on Dark Web Forum (socket.dev)

Cybersecurity, Software Security, Dark Web, NPM, Vulnerability

53 points by feross 294 days ago | 4 comments

Show HN: Resource Index – FOSS Git Repository and NPM Package Index (hkit.cc)

Open Source, Git, NPM, Software, Resources

14 points by aabbcc1241 331 days ago | 4 comments

NPM package is-even has over 140k weekly downloads (npmjs.com)

NPM, JavaScript, Software, Popularity

47 points by r_singh 348 days ago | 74 comments