GitHub, which owns the npm registry for JavaScript packages, says it is tightening security in response to recent attacks.
GitHub is introducing a set of defenses against supply-chain attacks on the platform that led to multiple large-scale ...
GitHub enforces FIDO 2FA and seven-day token limits after Shai-Hulud npm attack to boost supply chain security.
The crates, named faster_log and async_println, were published by the threat actor under the aliases rustguruman and dumbnbased ...
Cybercriminals use fake troubleshooting websites to trick Mac users into running terminal commands that install Shamos malware through ClickFix tactics.
Reports surfaced that the widely used npm package @ctrl/tinycolor had been compromised by wormable malware as part of a ...
Dozens of npm libraries, including a color library with over 2 million downloads a week, have been replaced with novel ...
In response to the recent supply chain attack in the JavaScript package manager npm, GitHub has made a few changes that will ...
A new self-replicating worm dubbed Shai-Hulud has compromised over 180 npm packages, stealing credentials and spreading ...
A new supply chain attack on npm, the node package manager, has injected the first malware with self-replicating worm ...
A decade-long RubyGems maintainer, Ellen Davis (also known as duckinator), has resigned from Ruby Central following what she ...
Hardly a week goes by that there isn’t a story to cover about malware getting published to a repository. Last week it was ...