Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems
Three malicious npm packages disguised as a Telegram bot library have been found, containing SSH backdoors and data exfiltration functionalities.

'Package confusion' attack against NPM used to trick developers into downloading malware
Blockchain communication offers both advantages and drawbacks for malware C2, hindering its widespread use.

North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages
North Korean threat actors are using npm packages to spread BeaverTail malware and a new RAT loader, indicating advanced obfuscation techniques.

XML-RPC npm Library Turns Malicious, Steals Data, Deploys Crypto Miner
A software supply chain attack on npm packages has persisted for over a year, embedding malware that steals data and mines cryptocurrency.

Here's how carefully concealed backdoor in fake AWS files escaped mainstream notice
Sophisticated attackers embedded backdoors in fake AWS packages on NPM, highlighting the challenge in detecting such threats in open source repositories.

Hackers abuse NPM code registries via Ethereum network
NPM registries are under attack from malicious packages leveraging typosquatting, targeting developers' systems. 287 malicious packages discovered affect prominent libraries. Hackers utilize Ethereum smart contracts to obscure their true origins.

Create and Publish Packages: A Modern Approach
Use the Bit Platform for simplified package management and publishing without complex setups.

My failed attempt to shrink all npm packages by 5%
Using Zopfli for npm packages could reduce their size by about 5%, but its slower speed limits its practicality.

How to Automatically Publish Your NPM Package Using GitHub Actions | HackerNoon
Automating npm package publishing through CI/CD increases quality, ensures consistent versioning, and streamlines collaboration among contributors.

Solana JavaScript SDK backdoored to steal keys, funds
Malware was introduced in the @solana/web3.js library via a compromised npm account, affecting users who downloaded specific versions.

npm vs. npx: What's the difference? - LogRocket Blog
npm is for managing Node.js packages, while npx is for executing packages without installation. Both tools serve different but important roles in Node.js development.

CSSFUN
CSSFUN streamlines CSS creation by using JavaScript objects to generate style strings automatically.

Exploring JSR for JavaScript module management - LogRocket Blog
JavaScript is widely used for programming due to its versatility and ability to run on various platforms.

Typosquat campaign impersonates 287+ popular npm packages
A typosquatting campaign targets developers by distributing malicious npm packages disguised as popular libraries, complicating detection through new blockchain-based command control.

BeaverTail Malware Resurfaces in Malicious npm Packages Targeting Developers
Three npm packages with North Korean malware were discovered, continuing a trend of targeting developers through supply chain attacks.

GitHub - stackblitz-labs/pkg.pr.new: Continuous (Preview) Releases for your libraries!
Continuous Releases streamline access to new features and fixes instantly without traditional release cycles.

Why You Don't Need PNPM And YARN | HackerNoon
Node.js developers often debate between npm, yarn, and pnpm for package management, with npm being the default choice due to its seamless integration and stability.

GitHub - oslabs-beta/flake-guard-alpha: Flaky test management.
FlakeGuard helps identify flaky tests for improved reliability in software testing.

20 Javascript Tools Revolutionizing Web Development Today
JavaScript tools play a crucial role in web development, with Webpack for bundling, React for dynamic interfaces, and npm for dependency management and collaboration.

PDF Embed Web Component Available Via NPM
PDF-Embed web component wraps Adobe's PDF Embed API for inline PDF display. Developers can progressively enhance user experience with the PDF-Embed component. The component allows for easy PDF embedding while providing potential customizations.

Table-Sorter Available Via NPM
The web component table-sorter is now available on npm for easy installation and use in projects.