NPM should remove the default license from new packages (ISC)
(extremq.com)
npm powers an important chunk of websites and servers. Wikipedia notes that
npm powers an important chunk of websites and servers. Wikipedia notes that
Can't Install CamelCase and Decamelize
(github.com/npm)
NPM is investigating: We are currently investigating reports of intermittent failures when viewing and installing packages scoped to certain keywords.
NPM is investigating: We are currently investigating reports of intermittent failures when viewing and installing packages scoped to certain keywords.
Lazarus Group deceives developers with 6 new malicious NPM packages
(cyberscoop.com)
Lazarus Group has burrowed deeper into the npm registry and planted six new malicious packages designed to deceive software developers and disrupt their workflows, researchers at cybersecurity firm Socket said in a Monday blog post.
Lazarus Group has burrowed deeper into the npm registry and planted six new malicious packages designed to deceive software developers and disrupt their workflows, researchers at cybersecurity firm Socket said in a Monday blog post.
Quasar Rat Disguised as an NPM Package for Detecting Vulnerabilities in Ethereum
(socket.dev)
Socket’s threat research team has discovered a malicious npm package, ethereumvulncontracthandler, which is posing as a tool for detecting vulnerabilities in Ethereum smart contracts but instead deploys Quasar RAT, a versatile remote access trojan, onto developers’ machines.
Socket’s threat research team has discovered a malicious npm package, ethereumvulncontracthandler, which is posing as a tool for detecting vulnerabilities in Ethereum smart contracts but instead deploys Quasar RAT, a versatile remote access trojan, onto developers’ machines.