Hackernews posts about NPM

NPM is a package manager for JavaScript that allows developers to easily install and manage dependencies in their projects, serving as a central registry for millions of open-source packages.

1. Postmortem: TanStack NPM supply-chain compromise (tanstack.com)
   1097 points by varunsharma07 26 days ago | 465 comments
2. Malicious npm packages detected across Red Hat Cloud Services (github.com)
   773 points by kurmiashish 6 days ago | 452 comments
3. Mini Shai-Hulud Strikes Again: 314 npm Packages Compromised (safedep.io)
   391 points by theanonymousone 19 days ago | 313 comments
4. Staged publishing and new install-time controls for npm (github.blog)
   61 points by brianmcnulty 15 days ago | 11 comments
5. Show HN: DepsGuard – One command to harden NPM/pnpm/yarn/bun/uv configs (github.com)
   40 points by eranation 5 days ago | 6 comments
6. New IronWorm malware hits 36 packages in NPM supply-chain attack (www.bleepingcomputer.com)
   22 points by yogthos 1 day ago | discuss
7. Show HN: Safe-install – safer NPM installs with trusted build dependencies (www.npmjs.com)
   19 points by gkiely 26 days ago | 5 comments
8. Mass NPM Supply Chain Attack Hits TanStack, Mistral AI, and 170 Packages (safedep.io)
   18 points by birdculture 26 days ago | 2 comments
9. Postmortem: TanStack NPM supply-chain compromise (tanstack.com)
   10 points by carlos-menezes 26 days ago | 1 comments
10. Show HN: FixMyNPM, CLI to fix your insecure npm config (github.com)
    10 points by madospace 25 days ago | discuss
11. Npm-scan: Modern supply chain security for the npm ecosystem (github.com)
    9 points by lateos-ai 6 days ago | discuss
12. OpenAI caught NPM supply chain chaos after employeedevices compromised (www.theregister.com)
    8 points by Timofeibu 21 days ago | discuss
13. Malicious node-IPC Versions Published to NPM (github.com)
    6 points by varunsharma07 23 days ago | 2 comments
14. Tanstack NPM Packages Compromised in Ongoing Supply-Chain Attack (socket.dev)
    6 points by pier25 26 days ago | 1 comments
15. Ongoing NPM supply chain attack uses binding.gyp to spread like a worm (github.com)
    6 points by varunsharma07 3 days ago | discuss
16. Can NPM, pnpm etc. use frontier models to check packages for malware?
    5 points by VikRubenfeld 29 days ago | 4 comments
17. New IronWorm malware hits 36 packages in NPM supply-chain attack (www.bleepingcomputer.com)
    5 points by segmenta 2 days ago | discuss
18. A 176-Package NPM Campaign Built to Beat Your Internal Dependencies (www.sonatype.com)
    5 points by speckx 9 days ago | discuss
19. Our response to the TanStack NPM supply chain attack (openai.com)
    5 points by meetpateltech 24 days ago | discuss
20. Mistral AI's NPM package was compromised (github.com)
    5 points by logickkk1 26 days ago | discuss
21. New Shai-Hulud malware wave compromises 600 NPM packages (itnerd.blog)
    4 points by mooreds 12 days ago | 2 comments
22. Red Hat packages backdoored through its official NPM channel (arstechnica.com)
    4 points by RedShift1 5 days ago | 1 comments
23. Staged Publishing for NPM Packages (docs.npmjs.com)
    4 points by jonchurch_ 17 days ago | 1 comments
24. Miasma NPM Supply Chain Attack: Self-Spreading Worm via Phantom Gyp (www.stepsecurity.io)
    4 points by gaurang_tandon 3 days ago | discuss
25. NPM staged publishing setup with approximately one click per package (lavamoat.github.io)
    4 points by naugtur 10 days ago | discuss
26. Staged Publishing for NPM Packages (docs.npmjs.com)
    4 points by pimterry 17 days ago | discuss
27. No JavaScript. No npms. Make realtime web apps in modern Java (github.com)
    4 points by v4d1mv 17 days ago | discuss
28. Active Supply Chain Attack Compromises Antv Packages on NPM (socket.dev)
    4 points by 882542F3884314B 19 days ago | discuss
29. AI-powered NPM deprecation tracker with dependency tree Ghost Detection (www.stackgraveyard.dev)
    4 points by tlseternal 27 days ago | discuss
30. NPM Packages Attacks
    3 points by carlostkd 8 days ago | 1 comments