Hackernews posts about NPM

NPM is a package manager for JavaScript that allows developers to easily install and manage dependencies in their projects, serving as a central registry for millions of open-source packages.

1. Postmortem: TanStack NPM supply-chain compromise (tanstack.com)
   1095 points by varunsharma07 11 days ago | 465 comments
2. Mini Shai-Hulud Strikes Again: 314 npm Packages Compromised (safedep.io)
   388 points by theanonymousone 4 days ago | 310 comments
3. NPM website was down (status.npmjs.org)
   126 points by 18nleung 25 days ago | 61 comments
4. Official SAP NPM packages compromised to steal credentials (www.bleepingcomputer.com)
   34 points by Brajeshwar 22 days ago | 2 comments
5. Show HN: Safe-install – safer NPM installs with trusted build dependencies (www.npmjs.com)
   19 points by gkiely 11 days ago | 5 comments
6. Mass NPM Supply Chain Attack Hits TanStack, Mistral AI, and 170 Packages (safedep.io)
   18 points by birdculture 10 days ago | 2 comments
7. Bitwarden CLI NPM package has been compromised (opensourcemalware.com)
   16 points by 6mile 29 days ago | 1 comments
8. Show HN: FixMyNPM, CLI to fix your insecure npm config (github.com)
   10 points by madospace 9 days ago | 1 comments
9. Postmortem: TanStack NPM supply-chain compromise (tanstack.com)
   10 points by carlos-menezes 11 days ago | 1 comments
10. Mini Shai-Hulud: Bun Payloads Hit SAP NPM Packages (www.stepsecurity.io)
    9 points by likhith190 23 days ago | discuss
11. OpenAI caught NPM supply chain chaos after employeedevices compromised (www.theregister.com)
    8 points by Timofeibu 6 days ago | discuss
12. Malicious node-IPC Versions Published to NPM (github.com)
    6 points by varunsharma07 8 days ago | 2 comments
13. Tanstack NPM Packages Compromised in Ongoing Supply-Chain Attack (socket.dev)
    6 points by pier25 11 days ago | 1 comments
14. Can NPM, pnpm etc. use frontier models to check packages for malware?
    5 points by VikRubenfeld 14 days ago | 4 comments
15. Our response to the TanStack NPM supply chain attack (openai.com)
    5 points by meetpateltech 9 days ago | discuss
16. Mistral AI's NPM package was compromised (github.com)
    5 points by logickkk1 11 days ago | discuss
17. Another NPM supply chain worm is tearing through dev environments (www.theregister.com)
    5 points by omer_k 30 days ago | discuss
18. Staged Publishing for NPM Packages (docs.npmjs.com)
    4 points by jonchurch_ 2 days ago | 1 comments
19. Staged Publishing for NPM Packages (docs.npmjs.com)
    4 points by pimterry 1 day ago | discuss
20. Active Supply Chain Attack Compromises Antv Packages on NPM (socket.dev)
    4 points by 882542F3884314B 4 days ago | discuss
21. AI-powered NPM deprecation tracker with dependency tree Ghost Detection (www.stackgraveyard.dev)
    4 points by tlseternal 12 days ago | discuss
22. NPM: Putting the Brown in Brownout (ryanbigg.com)
    4 points by ryanbigg 22 days ago | discuss
23. More live NPM packages attributed to Axios threat actors (opensourcemalware.com)
    3 points by 6mile 4 days ago | 1 comments
24. No JavaScript. No npms. Make realtime web apps in modern Java (github.com)
    3 points by v4d1mv 1 day ago | discuss
25. NPM invalidates use of fine-grained tokens that bypass 2FA (docs.npmjs.com)
    3 points by meander_water 1 day ago | discuss
26. Show HN: Give This Markdown to Your Coding Agent Before Publishing to NPM
    3 points by freakynit 3 days ago | discuss
27. Popular node-ipc NPM Package Infected with Credential Stealer (socket.dev)
    3 points by csmantle 8 days ago | discuss
28. Aube, a fast NPM package manager which is faster than bun(made by jdx aka mise) (aube.en.dev)
    3 points by Imustaskforhelp 18 days ago | discuss
29. Someone compromised SAP's NPM packages and used the CI pipeline against itself (safedep.io)
    3 points by birdculture 23 days ago | discuss
30. TeamPCP Campaign Spreads to NPM via a Hijacked Bitwarden CLI (research.jfrog.com)
    3 points by thefreeman 29 days ago | discuss