Hackernews posts about NPM

NPM is a package manager for JavaScript that allows developers to easily install and manage dependencies in their projects, serving as a central registry for millions of open-source packages.

1. NPM debug and chalk packages compromised (www.aikido.dev)
   1372 points by universesquid 24 days ago | 757 comments
2. Shai-Hulud malware attack: Tinycolor and over 40 NPM packages compromised (socket.dev)
   1233 points by jamesberthoty 17 days ago | 1019 comments
3. DuckDB NPM packages 1.3.3 and 1.29.2 compromised with malware (github.com)
   395 points by tosh 24 days ago | 283 comments
4. You too can run malware from NPM (I mean without consequences) (github.com)
   195 points by naugtur 24 days ago | 114 comments
5. Oh no, not again a meditation on NPM supply chain attacks (tane.dev)
   173 points by theycameback 16 days ago | 220 comments
6. Which NPM package has the largest version number? (adamhl.dev)
   168 points by genshii 18 days ago | 76 comments
7. Show HN: Tips to stay safe from NPM supply chain attacks (github.com)
   96 points by bodash 11 days ago | 55 comments
8. Active NPM supply chain attack: Tinycolor and 40 Packages Compromised (socket.dev)
   85 points by feross 17 days ago | 36 comments
9. Live updates: Shai-hulud, the most dangerous NPM breach in history (www.koi.security)
   46 points by chha 16 days ago | 3 comments
10. NPM package 'debug' v4.4.2 contains malware (social.hackerspace.pl)
    31 points by q3k 25 days ago | 5 comments
11. DuckDB NPM Account Compromised in Continuing Supply Chain Attack (socket.dev)
    27 points by feross 23 days ago | 1 comments
12. Color NPM Package Compromised (fasterthanli.me)
    23 points by coldblues 24 days ago | 1 comments
13. Npm packages with over 1b weekly downloads, incl. Chalk, have been compromised. (jdstaerk.substack.com)
    23 points by DDerTyp 25 days ago | 1 comments
14. GitHub's plan for a more secure NPM supply chain (github.blog)
    22 points by abraham 10 days ago | 1 comments
15. Hackers hijack NPM packages with 2B weekly downloads in supply chain attack (www.bleepingcomputer.com)
    10 points by ladidahh 24 days ago | 2 comments
16. Ongoing Supply Chain Attack Targets CrowdStrike NPM Packages (socket.dev)
    9 points by TheCleric 16 days ago | 1 comments
17. Debug 4.4.2 published on NPM seems to contain cryptominer (github.com)
    9 points by axismundi 25 days ago | discuss
18. Incident hitting NPM users is likely the biggest supply-chain attack (arstechnica.com)
    7 points by beatthatflight 24 days ago | 1 comments
19. Shai-Hulud: The novel self-replicating worm infecting NPM packages (www.sysdig.com)
    7 points by Bogdanp 15 days ago | discuss
20. Show HN: npm-daycare, an NPM proxy that filters out recent & small packages (github.com)
    6 points by n2d4 16 days ago | 2 comments
21. More than 40 popular NPM packages compromised (twitter.com)
    6 points by h1fra 17 days ago | 1 comments
22. Show HN: CVibe – The NPM of Prompts (cvibe.dev)
    5 points by yairchen 27 days ago | 7 comments
23. How Deno protects against NPM exploits (deno.com)
    5 points by emschwartz 2 days ago | 1 comments
24. GitHub's plan for a more secure NPM supply chain (github.blog)
    5 points by gnabgib 9 days ago | 1 comments
25. PodRocket Podcast: Inside the Recent NPM Supply Chain Attacks (socket.dev)
    5 points by feross about 4 hours ago | discuss
26. Show HN: Silobase – Firebase/Supabase alternative as NPM package (iamsimi.medium.com)
    5 points by fathersimi about 20 hours ago | discuss
27. Our plan for a more secure NPM supply chain (github.blog)
    5 points by nnx 8 days ago | discuss
28. Lessons from NPM's Security Failures (oneuptime.com)
    5 points by thunderbong 23 days ago | discuss
29. NPM Has Become a Russian Roulette (worklifenotes.com)
    4 points by taleodor 9 days ago | 1 comments
30. NPM Author Qix Compromised via Phishing Email (socket.dev)
    4 points by pier25 24 days ago | 1 comments