News

Developer Tech9d
Node.js 24: A faster, sleeker JavaScript experience
Node 24 now includes Undici 7.0.0. For those not in the know, Undici is Node’s modern HTTP client. This upgrade means better ...
SD Times5y
GitHub acquires JavaScript package manager provider npm
GitHub has announced plans to acquire npm. Npm is the company behind the Node package manager for the programming language JavaScript, the npm Registry and npm CLI. “npm is a critical part of ...
CSO Online9d
Hackers booby trap NPM with cross-language imposter packages
Developers adept at multiple coding languages are tricked into installing a familiar-sounding package from within the Node ...
Supply chain attack hits npm package with 45,000 weekly downloads
An npm package named 'rand-user-agent' has been compromised in a supply chain attack to inject obfuscated code that activates ...
The Hacker News24y
Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials
Malicious npm packages targeting Cursor macOS users stole credentials and disabled updates, impacting 3,200+ downloads.
Bleeping Computer23d
Ripple's recommended XRP library xrpl.js hacked to steal wallets
The recommended Ripple cryptocurrency NPM JavaScript library named "xrpl.js" was compromised to steal XRP wallet seeds and private keys and transfer them to an attacker-controlled server ...
SecurityWeek6d
Popular Scraping Tool’s NPM Package Compromised in Supply Chain Attack
Supply chain attack compromises the popular rand-user-agent scraping NPM package to deploy and activate a backdoor.
Hosted on MSN22d
Ripple NPM supply chain attack hunts for private keys
The NPM package, xrpl, is a JavaScript/TypeScript library that devs use to interact with and build apps using the cryptocurrency ledger's features. This includes wallet and key management ...