Security News

JavaScript package users have been warned to update due to a bug that could enable an attacker to infect them with malicious applications.

Trio of vulnerabilities made registry full of uncertain code even more of a risk On Wednesday, NPM, Inc, the California-based biz that has taken it upon itself to organize the world's JavaScript...

Account hijacking claimed by some but it may just be a developer behaving badly Another JavaScript package in the npm registry - the installer for PureScript - has been tampered with, leading...

Cryptocurrency users narrowly escaped losing all their funds last week after an attacker poisoned a digital wallet with malicious code that stole their blockchain access details.

What a wild ride, eh Komodo? Blockchain biz Komodo this week said it had used a vulnerability discovered by JavaScript package biz NPM to take control of some older Agama cryptocurrency wallets to...

NPM is working to course-correct after 2018 brought a handful of major incidents that caused usability and security headaches for system administrators.

Node.js package tried to plunder Bitcoin wallets A widely used Node.js code library in NPM's warehouse of repositories was altered to include crypto-coin-stealing malware. The lib in question,...

...and those devs are then applying patches, we hope JavaScript library custodian NPM, after years of security scrambling, looks to be getting a grip on its code safety.…

Tokens killed after eslint-scope JavaScript utility compromised An unfortunate chain reaction was averted today after miscreants tampered with a widely used JavaScript programming tool to steal...

A malicious package masquerading as a cookie parsing library but delivering a backdoor instead was unpublished from the npm Registry along with three other packages. read more