Hackernews posts about NPM

NPM is a package manager for JavaScript that allows developers to easily install and manage dependencies in their projects, serving as a central registry for millions of open-source packages.

Related: Ledger

NPM stylus package contained malicious code and was removed from the registry (www.npmjs.com)

70 points by vandot 27 days ago | 42 comments
NPM 'accidentally' removes Stylus package, breaks builds and pipelines (www.bleepingcomputer.com)

17 points by daninet 26 days ago | 6 comments
NPM 'Is' Package Hijacked in Expanding Supply Chain Attack (socket.dev)

14 points by feross 27 days ago | discuss
NPM 'Is' Package Hijacked in Expanding Supply Chain Attack (socket.dev)

7 points by choult 24 days ago | discuss
Surveillance Malware Hidden in NPM and PyPI Packages Targets Developers With (socket.dev)

4 points by feross 26 days ago | 1 comments
Popular NPM linter packages hijacked via phishing to drop malware (www.bleepingcomputer.com)

4 points by akyuu 28 days ago | 1 comments
NPM 'accidentally' removes Stylus package, breaks builds and pipelines (www.bleepingcomputer.com)

4 points by mmcclure 24 days ago | discuss
NPM 'Is' Package Hijacked in Expanding Supply Chain Attack (socket.dev)

4 points by croes 26 days ago | discuss
Official Google Cloud NPM package includes malware via a dependency (github.com)

4 points by laurent123456 30 days ago | discuss
Popular NPM linter packages hijacked via phishing to drop malware (www.bleepingcomputer.com)

3 points by mmsc 29 days ago | 1 comments
NPM Left-Pad Incident (en.wikipedia.org)

3 points by TimCTRL 1 day ago | discuss
NPM Phishing Email Targets Developers with Typosquatted Domain (socket.dev)

3 points by avivkeller 23 days ago | discuss
Heads up that v3.3.1 of npmjs.com/is has malware in it (bsky.app)

3 points by croes 26 days ago | discuss
I am currently negotiating with the npmjs official (github.com)

3 points by vasco 27 days ago | discuss
Hackers breach Toptal GitHub account, publish malicious NPM packages (www.bleepingcomputer.com)

2 points by DocFeind 25 days ago | discuss
NPM package 'is' with 2.8M weekly downloads infected devs with malware (www.bleepingcomputer.com)

2 points by f311a 26 days ago | discuss
Show HN: Sync your NPM packages to verdaccio with ease (github.com)

1 points by limingcan 5 days ago | discuss
ESLint-config-prettier: How NPM Package with 30M Downloads Spread Malware (safedep.io)

1 points by abhisek 28 days ago | discuss
Scavenger Malware Distributed via ESLint-Config-Prettier NPM Package Hack (invokere.com)

1 points by abhisek 28 days ago | discuss
VC-backed company just killed my EU trademark for a small OSS project

840 points by marcjschmidt 6 days ago | 244 comments
Launch HN: Embedder (YC S25) – Claude code for embedded software

111 points by bobwei1 3 days ago | 52 comments
Show HN: Stasher – Burn-after-read secrets from the CLI, no server, no trust (github.com)

72 points by stasher-dev 11 days ago | 55 comments
Show HN: AgentGuard – Auto-kill AI agents before they burn through your budget (github.com)

47 points by dipampaul17 19 days ago | 26 comments
Show HN: Happy Coder – End-to-End Encrypted Mobile Client for Claude Code (github.com)

20 points by ex3ndr 4 days ago | 5 comments
Show HN: IsAgent – Detect agents like ChatGPT Agent on your website (www.isagent.dev)

7 points by bobbiechen 17 days ago | 1 comments
Tell HN: Search your projects for "git://github.com". Any match is a bug.

6 points by XCabbage 7 days ago | discuss
Show HN: Give Claude a GitHub Codespace to automate all your apps via MCP (github.com)

5 points by linktothenew 20 days ago | 7 comments
Show HN: BlackMagic-JS – Automatic dark mode framework that just works (github.com)

5 points by LucAngevare 24 days ago | 1 comments
Show HN: Mcp-error-formatter – Cursor-style JSON errors for any MCP/LLM tool (github.com)

4 points by MutedEstate45 15 days ago | 2 comments
Show HN: Publican – an HTML-first static site generator for Node.js (publican.dev)

4 points by ceeb 18 days ago | discuss