资讯

Security Boulevard1 天

How One Phishing Email Compromised 18 npm Packages and Billions of Installs

On September 8, 2025, a single phishing email triggered one of npm’s most damaging supply chain attacks, compromising 18 ...

Software packages with more than 2 billion weekly downloads hit in supply-chain attack

Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to ...
GitHub29 天

GitHub - Songmu/laminate: A command-line bridge tool that orchestrates ...

A command-line bridge tool that orchestrates external image generation commands to convert text/code strings to images. - Songmu/laminate ...

Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack

In a supply chain attack, attackers injected malware into NPM packages with over 2.6 billion weekly downloads after ...
GitHub11 天

GitHub - iqbal-rashed/pdftoimg-js: A javascript library that help to ...

PDFtoIMG-JS is a powerful JavaScript library for converting PDF file/files into images (PNG or JPG). It supports both Node.js and browser environments, making it ideal for a wide range of use cases — ...
Cyber Daily1 天

18 popular JavaScript code packages hacked to spread malware

Multiple npm packages have been compromised by a phishing attack in an attempt to spread crypto malware to billions of ...

Major attack on node.js

A cryptocurrency thief got into the npm account of a hard-working developer via spearphishing. node.js packages with billions ...