Ledger attributed the exploit to a phishing attack targeting a former employee
Linux Foundation's OpenSSF releases npm security guide while US agencies NSA and CISA advise on hardening the component supply chain
Both attacks appear to be the work of the same actor
The attacker created dozens of malicious counterparts that had the same name as existing @azure scope packages
Initial versions of 'protestware' module added to npm-ipc wiped data on users' devices
Malicious typosquatting packages prey on naive users or developers who make a slight typographical error
faker.js and color.js started generating gibberish data after a developer update
Node.js package manager npm will continue to be supported as part of GitHub, says CEO Nat Friedman
The package has been downloaded 32 times by developers