A hacker has gained access to a developer's npm account and injected malicious code into a popular JavaScript library, code that was designed to steal the npm credentials of users who utilize the ...

轻量级 JavaScript 实用工具库 "is" 是 NPM 平台上的热门项目，每周下载量超过 220 万次。然而在 2025 年 7 月 19 日，该库开发者遭遇钓鱼攻击导致账户凭证泄露，攻击者借此发布了包含远程代码执行后门的恶意版本。 钓鱼攻击入侵开发者账户 据报告，项目维护者 John ...

IT之家 5 月 9 日消息，Node.js，这一广受欢迎的开源跨平台 JavaScript 运行环境，正式发布了 24.0 版本，新版本承诺带来更强的性能、更高的安全性以及更顺畅的开发体验。 Node.js 24.0 的亮点之一是 V8 JavaScript 引擎升级至 13.6 版本，引入了 Float16Array、显式资源管理 ...

An update to a tiny JavaScript library has thrown a large part of the JavaScript ecosystem into chaos on Saturday, with millions of projects believed to have been impacted. Making the entire situation ...

Microsoft is acquiring Node package manager npm Inc., officials announced on March 16. (Neither company is sharing the purchase price.) Microsoft plans to integrate GitHub with npm with the intent of ...

The Node Package Manager (npm) team avoided a disaster today when it discovered and blocked the distribution of a cleverly hidden backdoor mechanism inside a popular —albeit deprecated— JavaScript ...

The NPM JavaScript registry has experienced a jump in malware, including packages related to data theft, crypto mining, botnets, and remote code execution, according to security company WhiteSource.