Hackernews posts about NPMX

  1. Show HN: A Bluesky client for PICO-8 (picosky.vinnymac.dev)
    4 points by vinnymac 12 days ago | discuss
  2. Malicious npm packages detected across Red Hat Cloud Services (github.com)
    775 points by kurmiashish 21 days ago | 454 comments
  3. Upcoming breaking changes for npm v12 (github.blog)
    484 points by plasma 12 days ago | 208 comments
  4. Show HN: DepsGuard – One command to harden NPM/pnpm/yarn/bun/uv configs (github.com)
    40 points by eranation 20 days ago | 7 comments
  5. New IronWorm malware hits 36 packages in NPM supply-chain attack (www.bleepingcomputer.com)
    22 points by yogthos 17 days ago | discuss
  6. Hide Secrets from AI Agents and NPM install using Airgap (sauleau.com)
    19 points by netgusto 2 days ago | 2 comments
  7. Npm-scan: Modern supply chain security for the npm ecosystem (github.com)
    9 points by lateos-ai 21 days ago | discuss
  8. Ongoing NPM supply chain attack uses binding.gyp to spread like a worm (github.com)
    6 points by varunsharma07 18 days ago | discuss
  9. NPM attack targets Zapier and security tool browser extensions (opensourcemalware.com)
    5 points by 6mile 3 days ago | 1 comments
  10. I scored 200 blockchain NPM packages for deprecation and hijack risk (chain-audit.netlify.app)
    5 points by Heavensinfinite 4 days ago | discuss
  11. New IronWorm malware hits 36 packages in NPM supply-chain attack (www.bleepingcomputer.com)
    5 points by segmenta 17 days ago | discuss
  12. Miasma NPM Supply Chain Attack: Self-Spreading Worm via Phantom Gyp (www.stepsecurity.io)
    5 points by gaurang_tandon 18 days ago | discuss
  13. A 176-Package NPM Campaign Built to Beat Your Internal Dependencies (www.sonatype.com)
    5 points by speckx 25 days ago | discuss
  14. Show HN: Nuts – pip/NPM for Java with first-class workspaces, JDK provisioning (github.com)
    4 points by thevpc 11 days ago | 2 comments
  15. New Shai-Hulud malware wave compromises 600 NPM packages (itnerd.blog)
    4 points by mooreds 28 days ago | 2 comments
  16. September 2025 NPM Attack Hit 2.6B Weekly Downloads. Most Found Out on Twitter (datanexusmcp.com)
    4 points by jsmudda 4 days ago | 1 comments
  17. Multiple mastra NPM packages compromised (github.com)
    4 points by varunsharma07 5 days ago | 1 comments
  18. Red Hat packages backdoored through its official NPM channel (arstechnica.com)
    4 points by RedShift1 20 days ago | 1 comments
  19. GitHub pulls pin on NPM's auto-run scripts (www.theregister.com)
    4 points by MrDresden 11 days ago | discuss
  20. NPM staged publishing setup with approximately one click per package (lavamoat.github.io)
    4 points by naugtur 25 days ago | discuss
  21. >400 AUR Packages Compromised with NPM post-install malware (archlinux.org)
    3 points by lorenzohess 9 days ago | 1 comments
  22. I Am Open Sourcing Hissab Calculator App, Skills, CLI and NPM (github.com)
    3 points by prenx4x 12 days ago | 1 comments
  23. NPM Packages Attacks
    3 points by carlostkd 23 days ago | 1 comments
  24. Someone at NPM needs see this – to stop the madness (www.youtube.com)
    3 points by ascended 3 days ago | discuss
  25. NPM-Scan: Detecting Six Major NPM Supply Chain Campaigns (June 2026) (www.npmjs.com)
    3 points by lateos-ai 14 days ago | discuss
  26. Show HN: Lookspan – local-first observability for AI agents (npx lookspan) (github.com)
    3 points by JoniMartin 18 days ago | discuss
  27. Update on supply chain compromise of Red Hat cloud-services NPM packages (access.redhat.com)
    3 points by dralley 18 days ago | discuss
  28. Show HN: MCP Registry – NPM-style install for MCP servers (mcp-registry-dh5.pages.dev)
    3 points by PengSpirit 20 days ago | discuss
  29. Red Hat packages backdoored through its offical NPM channel (arstechnica.com)
    3 points by jjbinx007 20 days ago | discuss
  30. How to Evaluate an NPM Package – 2026 Edition (blog.gaborkoos.com)
    3 points by theanonymousone 23 days ago | discuss
More