npm

Massive threat campaign strikes open-source repos, Sonatype spots new CursedGrabber malware

Sonatype’s deep dive research allowed to identify a new family of Discord malware called CursedGrabber. Sonatype has discovered more malware…

3 years ago

Malicious npm package ‘fallguys’ removed from the official repository

The npm security team removed a malicious JavaScript library from the npm repository that was designed to steal sensitive files…

3 years ago

Experts found binary planting and arbitrary file overwrite flaws in NPM

NPM, the biggest package manager for JavaScript libraries, has addressed a vulnerability that could be exploited to execute "binary planting"…

4 years ago

The npm installer for PureScript package has been compromised

It has happened again, another JavaScript package in the npm registry has been compromised, it is the installer for PureScript. The installer…

5 years ago

This website uses cookies.