Qix is an open source maintainer account that was compromised by a phishing attack. This allowed attackers to infect 18 popular npm packages with malicious code. Together, these packages are ...

An attack targeting the Node.js ecosystem was just identified — but not before it compromised 18 npm packages that account ...

Billions (No, that's not a typo, Billions with a capital B) of files were potentially compromised. If you thought Node Package Manager (npm), the Billions of downloads were potentially compromised ...

ENVIRONMENT: BUILD and implement functional software products that serve user needs as the next Mid-Level Java Engineer wanted to join the team of a dynamic Software Specialist in Joburg. Working in ...

ENVIRONMENT: BUILD and implement functional software products that serve user needs as the next Mid-Level Java Engineer wanted to join the team of a dynamic Software Specialist in Joburg. Working in ...

Hackers launched the largest NPM crypto attack in history and compromised 18 JavaScript packages with billions of downloads.

During the two-hour window on Monday in which hijacked npm versions were available for download, malware-laced packages ...

A major supply chain attack on the NPM repository briefly threatened crypto users worldwide. Malicious code was pushed into ...

On September 8, 2025, a single phishing email triggered one of npm’s most damaging supply chain attacks, compromising 18 ...

An escalating npm supply chain attack has compromised dozens of foundational JavaScript packages to spread malware and drain crypto wallets.

Malware hidden in widely used libraries like chalk and debug hijacked crypto transactions via browser APIs, exposing deep ...

Binance reassures customers after a massive NPM supply chain attack injects malicious code into 18 popular JavaScript ...