News
Researchers have discovered multiple npm packages named after NodeJS libraries that even pack a Windows executable that resembles NodeJS but instead drops a sinister trojan.
NPM has removed multiple packages hosted on its repository this week that established connection to remote servers and exfiltrated user data. These 4 packages had collected over 1,000 total ...
Another one-line npm package breaks the JavaScript ecosystem An update to tiny "is-promise" library impacted millions of JavaScript projects. Written by Catalin Cimpanu, Contributor ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback