On September 8, 2025, a single phishing email triggered one of npm’s most damaging supply chain attacks, compromising 18 ...

Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to ...

In a supply chain attack, attackers injected malware into NPM packages with over 2.6 billion weekly downloads after ...

Multiple npm packages have been compromised by a phishing attack in an attempt to spread crypto malware to billions of ...

A cryptocurrency thief got into the npm account of a hard-working developer via spearphishing. node.js packages with billions ...