GitHub, which owns the npm registry for JavaScript packages, says it is tightening security in response to recent attacks.
Process improvements and a closer look at funding streams will provide far more protection for the open source software we ...
Newly discovered npm package 'fezbox' employs QR codes to hide a second-stage payload to steal cookies from a user's web browser. The package, masquerading as a utility library, leverages this ...
GitHub enforces FIDO 2FA and seven-day token limits after Shai-Hulud npm attack to boost supply chain security.
In the light of recent supply chain attacks targeting the NPM ecosystem, GitHub will implement tighter authentication and ...
"Each published package becomes a new distribution vector: as soon as someone installs it, the worm executes, replicates, and ...
The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms in Frank Herbert’s Dune novel ...
GitHub has unveiled a comprehensive plan to improve npm (Node Package Manager) security. The measures are a direct response to the major npm attack in mid-September, in which self-replicating malware ...
A new self-replicating worm dubbed Shai-Hulud has compromised over 180 npm packages, stealing credentials and spreading ...
Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack. The coordinated ...
A Dune-inspired worm recently hit CrowdStrike and npm, infecting hundreds of packages. Here's what happened - and how to protect your code.
An apparent "Dune" aficionado is responsible for the first self-propagating attack on the npm JavaScript repository in what one security company has ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback