Hackernews posts about NPM
NPM is a package manager for JavaScript that allows developers to easily install and manage dependencies in their projects, serving as a central registry for millions of open-source packages.
Related:
Ledger
- Upcoming breaking changes for npm v12 (github.blog)
- Hide Secrets from AI Agents and NPM install using Airgap (sauleau.com)
- NPM attack targets Zapier and security tool browser extensions (opensourcemalware.com)
- I scored 200 blockchain NPM packages for deprecation and hijack risk (chain-audit.netlify.app)
- Multiple mastra NPM packages compromised (github.com)
- GitHub pulls pin on NPM's auto-run scripts (www.theregister.com)
- Freedom from NPM. Happy 4th (www.npmjs.com)
- >400 AUR Packages Compromised with NPM post-install malware (archlinux.org)
- Protecting Supabase projects from NPM supply chain attacks (supabase.com)
- Someone at NPM needs see this – to stop the madness (www.youtube.com)
- Show HN: AnythingLLM Fork as NPM Package (github.com)
- Immobiliarelabs NPM packages have been compromised (github.com)
- I received a fake job offer. The NPM package was a full info-stealer (aydinnyunus.github.io)
- Show HN: Modelparams.dev: AI Model Parameters Database (UI, API, NPM) (modelparams.dev)
- MCP-customs: NPM audit, but for MCP servers (github.com)
- Mastra NPM Supply Chain Attack: 140 Packages Backdoor via easy-day-JS Typosquat (www.stepsecurity.io)