News

Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack

In what is being called the largest supply chain attack in history, attackers have injected malware into NPM packages with ...
CSOonline3y

Developer sabotages own npm module prompting open-source supply chain ...

The node-ipc developer attempt to protest Russia's attack on Ukraine has the unintended consequence of casting more doubt in software supply chain integrity.
IT News For Australia Business3y

'Protestware' npm package dependency labelled supply-chain attack

Russia's invasion of Ukraine has spilt over into developer-space, with a well-known npm maintainer adding "protestware" as a dependency to a very popular package.