Business Wire

npm, Inc. Acquires ^Lift Security and Node Security Platform

OAKLAND, Calif.--(BUSINESS WIRE)--npm, Inc., which runs the world’s largest software registry and maintains the npm software package management application, today announced the acquisition of ^Lift ...
Tech Times

npm v12 Security Overhaul Blocks Install Scripts by Default: July Deadline for CI Migration

July 2026, blocking install scripts, Git dependencies, and remote URL sources by default. Every team running npm install in ...
Bleeping Computer

npm package with 1.4M weekly downloads ditches npmjs.com for own CDN

In a surprising move, the popular open source project, SheetJS aka "xlsx," has dropped support for the npm registry. Downloaded about 1.4 million times weekly on npm, SheetJS is relied upon by NodeJS ...
Windows Report

Microsoft Links Mastra AI npm Supply Chain Attack to North Korean Sapphire Sleet Hackers

Microsoft links the recent Mastra AI npm supply chain attack to , a North Korean group known for cryptocurrency theft ...

Red Hat hit by npm supply‑chain attack - here's how to stay safe

Red Hat hit by npm supply‑chain attack - here's how to stay safe ...
ZDNet

Hundreds more packages found in malicious npm 'factory'

Researchers continue to investigate a wave of malicious npm packages, with the published tally now reaching over 700. Last week, JFrog researchers disclosed the scheme in which an unknown threat actor ...
Bleeping Computer

NPM packages posing as speed testers install crypto miners instead

A new set of 16 malicious NPM packages are pretending to be internet speed testers but are, in reality, coinminers that hijack the compromised computer's resources to mine cryptocurrency for the ...
DataBreachToday

Mastra AI Framework Poisoned in npm Supply-Chain Attack

The popular Mastra AI framework, used to build artificial intelligence agents, workflows and retrieval-augmented generation ...
Business Wire

npm, Inc. Releases npm@6 Package Manager with Powerful, Built-In Security Protections

OAKLAND, Calif.--(BUSINESS WIRE)--npm, Inc., which runs the world’s largest software registry and maintains the `npm` software package management application, today announced npm@6, a major update to ...
Dark Reading

Malicious npm Packages Scarf Up Discord Tokens, Credit Card Info

Four packages containing highly obfuscated malicious Python and JavaScript code were discovered this week in the Node Package Manager (npm) repository. According to a report from Kaspersky, the ...
InfoQ

Npm, Inc. Announces Npm Pro for Independent JavaScript Developers

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Birgitta Böckeler, Distinguished Engineer at ...
InfoQ

Npm 7 Now Generally Available, Supports Workspaces and Deterministic Builds

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...