Infosecurity-magazine.com

FortiGuard Uncovers Deceptive Install Scripts in npm Packages

A series of malicious packages hidden within the Node Package Manager (npm), the largest software registry for JavaScript, has been uncovered. According to a new advisory published by FortiGuard on ...
CSOonline

Npm ecosystem vulnerable to new manifest confusion attack

Package manifests in the npm registry are not validated against metadata files in the package itself, leaving the door open for attackers. The npm (Node Package Manager) ecosystem of JavaScript ...
InfoWorld

Node.js alert: Google engineer finds flaw in NPM scripts

Node.js developers, run NPM install at your own risk -- a self-replicating worm can easily spread through the ecosystem Never assume a file downloaded from the Internet is safe. That warning also ...
heise online

New supply chain attack with malicious scripts in npm packages

The security firm Socket warns of a campaign with malicious scripts in npm packages. The analysts have discovered 60 of these packages that contain an infostealer, which in turn spies on a machine ...