GitHub will change npm's defaults so the install command no longer runs scripts automatically, disabling a feature commonly ...

A malware named IronWorm spread through 36 npm packages in the Arweave ecosystem, stealing developer credentials and self ...

With npm v12, GitHub closes a central attack vector: installation scripts from dependencies will only run after explicit ...

Over 100 NPM and PyPI packages were injected with malicious code in the Miasma and Hades Shai-Hulud supply chain attack ...

Multiple npm supply chain attacks used 50+ poisoned packages to spread IronWorm, a Rust-based stealer, and a Miasma worm ...

Official Red Hat NPM accounts have been compromised and used to push a malicious worm that spreads from machine to machine, ...

Red Hat hit by npm supply‑chain attack - here's how to stay safe ...

Compromised npm packages targeted Red Hat cloud services, enabling credential theft and expanding supply chain risks.

Researchers have uncovered a new Shai-Hulud malware variant targeting Red Hat-related npm packages, spreading through ...

Red Hat's official npm namespace has been hijacked to push backdoored package versions built to steal cloud and developer ...

A single npm user on Thursday published 14 malicious packages within a four-hour window, all mimicking popular OpenSearch, Elasticsearch, DevOps, and environment-configuration libraries, according to ...