Hackernews posts about NPM

NPM is a package manager for JavaScript that allows developers to easily install and manage dependencies in their projects, serving as a central registry for millions of open-source packages.

Related: Ledger

Claude Code's source code has been leaked via a map file in their NPM registry (twitter.com)

2090 points by treexs 7 days ago | 1022 comments
Axios compromised on NPM – Malicious versions drop remote access trojan (www.stepsecurity.io)

1932 points by mtud 7 days ago | 809 comments
Post Mortem: axios NPM supply chain compromise (github.com)

289 points by JeanMeche 5 days ago | 143 comments
Claude Code full source code leaked on NPM (github.com)

47 points by dheerajmp 7 days ago | 3 comments
Axios 1.14.1 and 0.30.4 Compromised via Stolen Maintainer Account on NPM (safedep.io)

8 points by birdculture 7 days ago | discuss
North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package (cloud.google.com)

7 points by nettlin 7 days ago | 2 comments
Show HN: Llmpm – NPM for LLMs (www.llmpm.co)

6 points by sarthaksaxena 29 days ago | 2 comments
Axios Maintainer Confirms Social Engineering Attack Behind NPM Compromise (socket.dev)

5 points by feross 4 days ago | discuss
If Your AI Agent Ran NPM Install During the Axios Attack, You're Compromised (grith.ai)

5 points by edf13 6 days ago | discuss
1 Click authentication with new NPM package (www.npmjs.com)

4 points by Herod55 5 days ago | discuss
Malicious NPM Packages Found in React Native – 130K+ Monthly Downloads Hit (www.stepsecurity.io)

4 points by likhith190 22 days ago | discuss
ESM>CDN: A fast, Deno-friendly CDN for a world without 'NPM install (esm.sh)

3 points by kinderjaje 22 days ago | 1 comments
Show HN: CacheZero – Karpathy's LLM wiki idea as one NPM install

3 points by swarajbachu about 16 hours ago | discuss
Exploring NPM's Dependency Blast Radius: Visualization of the Top 1K (realarcherl.github.io)

3 points by ArcherL 1 day ago | discuss
Top NPM package backdoored to drop dirty RAT on dev machines (www.theregister.com)

3 points by Bender 6 days ago | discuss
NPM's Defaults Are Bad (nesbitt.io)

3 points by speckx 7 days ago | discuss
A gentle intro to NPM workspaces, with visuals (wasp.sh)

3 points by cprecioso 12 days ago | discuss
A multi-week, multi-ecosystem attack chain spanning GitHub Actions, npm, PyPI (ramimac.me)

3 points by dsr12 13 days ago | discuss
TeamPCP deploys CanisterWorm on NPM following Trivy compromise (www.aikido.dev)

3 points by Shank 15 days ago | discuss
CanisterWorm: NPM Publisher Compromise Deploys Backdoor Across 29 Packages (socket.dev)

3 points by pier25 18 days ago | discuss
Show HN: Search 7,500 MCP servers across NPM, PyPI, and the official registry (api.rhdxm.com)

3 points by c5huracan 26 days ago | discuss
Fastest general-purpose sorting library for JavaScript – 95.2% win rate vs. NPM (github.com)

2 points by Husain-Ayoob-I 15 days ago | 5 comments
Just crossed 2k NPM downloads and shipped the biggest Cognetivy upgrade yet (cognetivy.com)

2 points by meitarbe 29 days ago | 2 comments
Preventing accidental NPM leaks by reviewing the final artifact (github.com)

2 points by packattest 2 days ago | 1 comments
Axios NPM Package Compromised: Supply Chain Attack Delivers Cross-Platform Rat (snyk.io)

2 points by jruohonen 7 days ago | 1 comments
Axios NPM Package Supply Chain Hack (www.bleepingcomputer.com)

2 points by SpyKiIIer 6 days ago | discuss
Our AI traced the axios NPM attack and found how the payload hid itself (app.strix.ai)

2 points by ahmedallam2 7 days ago | discuss
Supply Chain Attack on Axios Pulls Malicious Dependency from NPM (socket.dev)

2 points by dsr12 7 days ago | discuss
Critical: Active supply chain attack on axios – one of NPM's most used packages (twitter.com)

2 points by thunderbong 7 days ago | discuss
Show HN: Safe-install – Docker-first install-time hardening for pip and NPM (github.com)

2 points by khaeldur 14 days ago | discuss