Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...
A new report from ReversingLabs identified a new tactic by North Korean hackers: feeding malicious code to the AI systems ...
Microsoft officially announced TypeScript 7.0 Beta on April 21, 2026. The company says TypeScript 7.0 is often 10 times faster than 6.0. The beta ships through @typescript/native-preview@beta and tsgo ...
Over the holidays, the npm package registry was flooded with more than 3,000 packages, including one called "everything," and others named a variation of the word. These 3,000+ packages make it ...
Rsbuild 2.0 relies on Rspack 2.0, modernizes defaults (ESM-first, Node 20) and reduces dependencies. New APIs enhance ...
SAP npm packages poisoned on April 29, 2026 + AES-256-GCM encrypted credential theft + AI coding tools abused for spread.
Researchers say the campaign targeted developer credentials and cloud secrets while abusing trusted publishing and AI coding ...
Researchers uncover a malicious npm dependency linked to an AI‑assisted code commit that steals sensitive data and exposes ...
Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver remote access trojans to Linux, Windows, and macOS systems. One malicious ...
Daniel Roe and over 250 contributors. It emphasizes speed and features absent in the official npmjs.com interface, such as ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results