Cybernews

Critical compromise: Axios NPM library with 100M weekly downloads is delivering malware

A critical supply chain attack has compromised the popular JavaScript library axios, leading to developers unknowingly ...

Supply chain attack hits 300 million-download Axios npm package

A widely used JavaScript package used with hundreds of millions of downloads has been compromised in a new supply chain ...
ZDNet

Show-stopping bug appears in npm Node.js package manager

Are you a developer who uses npm as the package manager for your JavaScript or Node.js code? If so, do not -- I repeat do not -- upgrade to npm 5.7.0. Nothing good can come of it. As one user reported ...
Arabian Post

CanisterWorm exploits npm accounts at scale

The campaign has been linked to a group identified as “TeamPCP,” which has systematically targeted maintainers of popular npm ...