ZDNet

Hacking 20 high-profile dev accounts could compromise half of the npm ecosystem

The npm ecosystem of JavaScript libraries is more interwoven than most developers think, and the entire thing is a gigantic house of cards, being one bad hack away from compromising hundreds of ...
CSOonline

Hackers drop 60 npm bombs in less than two weeks to recon dev machines

Threat actors have likely made off with sensitive host and network information from developers’ systems in a coordinated malware campaign, involving 60 malicious npm packages, that were live for just ...