NPM index that attempt to collect sensitive host and network data and send it to a Discord webhook controlled by the threat ...

All malicious npm packages carried identical payloads for snooping sensitive network information from developers’ systems.

Researchers have found malicious software that received more than 6,000 downloads from the NPM repository over a two-year ...

A hacking campaign is spreading malicious reconnaissance scripts already downloaded more than 3,000 times from the JavaScript ...

Mailparser is an npm package for parsing email data using JavaScript. This is an old library, and one that's been deprecated in favor of a newer one named "Nodemailer." ...

The NPM JavaScript registry has experienced a jump in malware, including packages related to data theft, crypto mining, botnets, and remote code execution, according to security company WhiteSource.

Despite being just two lines of code that perform a basic check, the is-promise library is one of today's most popular JavaScript npm packages (libraries). According to GitHub, the library is part ...

Thousands of applications were broken on Tuesday after a programmer unpublished a critical module in npm, a package manager for widely-used JavaScript projects. Countless projects were left in ...

npm, Inc. recently announced the launch of npm Pro, designed for independent JavaScript developers. npm also rebranded its existing npm Orgs, which caters to teams of developers, as npm Teams.

NPM, the Node package manager, is part of the standard Node.js installation, although it has its own website. In 1995 Brendan Eich, then a contractor to Netscape, created the JavaScript language ...