Developer Tech

Socket security analysis on npm: A shield for supply chains

The npm registry now includes Socket security analysis links directly on package pages to help developers assess supply chain risks.

AI coding assistant Cline compromised to create more OpenClaw chaos

Someone compromised open source AI coding assistant Cline CLI's npm package earlier this week in an odd supply chain attack ...
InfoWorld

NPM JavaScript registry mishaps: What to do

Concerned users can set up their own backup system if they don’t trust the steps NPM Inc. has taken to prevent problems The NPM registry of JavaScript packages has become a critical cog in the ...
Business Wire

npm Registry Crosses One Billion Average Daily Downloads

OAKLAND, Calif.--(BUSINESS WIRE)--npm, Inc., which runs the world’s largest software registry and maintains the `npm` software development tool, today announced that the npm Registry has achieved one ...
CSOonline

Malicious code in the Node.js npm registry shakes open source trust model

Bad actors using typo-squatting place 39 malicious packages in npm that went undetected for two weeks. How should the open source community respond? Software development relies heavily on trust, ...
Infosecurity-magazine.com

Malicious Spam Campaign Downs npm Registry

Security experts have urged the npm registry to deploy anti-bot technology after revealing that the open source repository has suffered intermittent denial of service (DoS) outages over the past month ...
InfoWorld

NPM: Free public JavaScript registry will continue

Is the public NPM JavaScript package registry going away? NPM, the company behind the popular online repository of Node.js and JavaScript code, insists it will remain, despite a recent rumor to the ...