| 192 |
The Everything NPM Package |
2024-01-06 |
| 133 |
Show HN: Socket – Secure your JavaScript supply chain |
2022-03-01 |
| 127 |
The push to ban ransom payments is gaining momentum |
2024-05-22 |
| 114 |
Social engineering campaign targeting tech employees spreads through NPM malware |
2023-07-25 |
| 77 |
German Court Fines Security Researcher for Reporting Company's Vulnerabilities |
2024-01-23 |
| 65 |
OpenJS: "XZ Utils Cyberattack Likely Not an Isolated Incident" |
2024-04-17 |
| 64 |
What's Going on Inside Your Node_modules Folder? |
2022-03-02 |
| 62 |
Chinese devs are storing 1000s of eBooks on GitHub and NPM |
2022-11-06 |
| 53 |
Unverified NPM Account Takeover Vulnerability for Sale on Dark Web Forum |
2024-07-06 |
| 42 |
Namecheap Takes Down Polyfill.io Service Following Supply Chain Attack |
2024-06-26 |
| 25 |
Automated Spam Campaign Floods GitHub/NPM with 1000s of Garbage Packages |
2024-07-12 |
| 40 |
Curl Project and Go Security Teams Reject CVSS as Broken |
2025-01-24 |
| 31 |
AI Hallucinations Are Fueling a New Class of Supply Chain Attacks |
2025-04-12 |
| 27 |
Libxml2 Maintainer Ends Embargoed Vulnerability Reports, Citing Unsustainable |
2025-06-18 |
| 45 |
Prettier NPM Packages Compromised in Supply Chain Attack |
2025-07-19 |
| 1231 |
Shai-Hulud malware attack: Tinycolor and over 40 NPM packages compromised |
2025-09-16 |
| 85 |
Active NPM supply chain attack: Tinycolor and 40 Packages Compromised |
2025-09-15 |
| 27 |
DuckDB NPM Account Compromised in Continuing Supply Chain Attack |
2025-09-09 |
| 30 |
Gem.Coop – Community-Run Alternative to Rubygems.org, Led by Former Maintainers |
2025-10-06 |