InfoWorld

GitHub bolsters NPM access control

New granular access tokens allow NPM package maintainers to restrict which packages, scopes, and organizations a token has access to. Looking to improve the safety and security of NPM JavaScript ...

Shai-Hulud cyberattack hits over 25,000 npm projects, stealing developer credentials

Shai-Hulud cyberattack targets more than 25,000 npm projects, stealing developers' credentials.
CSO Online

New Shai-Hulud worm spreading through npm, GitHub

The latest version also executes malicious code during the preinstall phase, and is bigger and faster than the first wave, ...
Crowdfund Insider

Regtech SlowMist Analyzes Malicious Code Stealing Sensitive Keys, Private Information

Regtech firm SlowMist noted that recently, the NPM ecosystem experienced another large-scale package poisoning incident.
Dark Reading

Shai-hulud 2.0 Variant Threatens Cloud Ecosystem

The latest attack from the self-replicating npm-package poisoning worm can also steal credentials and secrets from AWS, ...
Crypto News

Massive NPM Supply-Chain Attack Targets ENS-Linked Libraries in Shai Hulud Breach

Shai-Hulud malware infiltrates 490 NPM packages, stealing API keys and credentials from ENS and major crypto development ...