Cybernews

The 2025 npm worm that shook the software supply chain

As a worm spread through hundreds of npm packages in 2025, it didn't exploit a vulnerability – it exploited the architecture.
ZDNet

Malicious npm packages caught installing remote access trojans

The security team behind the "npm" repository for JavaScript libraries removed two npm packages this Monday for containing malicious code that installed a remote access trojan (RAT) on the computers ...
TWCN Tech News

NPM is not recognized as an internal or external command

As NPM is the package manager of Node.js, it is highly recommended to download the latest version of Node.js when you see the above-mentioned error. To download the ...

Shai Hulud malware turns developers into unwitting distributors in NPM supply chain attacks

Shai Hulud is a malware campaign first observed in September targeting the JavaScript ecosystem that focuses on supply chain ...
TechRadar

These NPM tools are actually just installing malware

Cybersecurity researchers from Check Point have discovered 16 typosquatted packages on the NPM repository that install cryptocurrency miners. NPM is one of the more popular JavaScript repositories, ...
InfoWorld

A simple automated build pipeline for Node.js

Build processes can be quite sophisticated for enterprise applications, but even simple and early-stage projects can benefit from automated build pipelines. This article describes a quick-to-deploy ...