资讯

Security Boulevard1 小时

How One Phishing Email Compromised 18 npm Packages and Billions of Installs

On September 8, 2025, a single phishing email triggered one of npm’s most damaging supply chain attacks, compromising 18 ...
ZDNet4 年

Malicious npm packages caught installing remote access trojans

The security team behind the "npm" repository for JavaScript libraries removed two npm packages this Monday for containing malicious code that installed a remote access trojan (RAT) on the ...
InfoWorld2 年

GitHub bolsters NPM access control - InfoWorld

Looking to improve the safety and security of NPM JavaScript packages, GitHub is adding granular access tokens to enable fine-grained permissions for NPM accounts, and making its NPM code explorer ...