Bleeping Computer

Empty npm package '-' has over 700,000 downloads — here's why

Inside these files—mainly the manifest (package.json) and index.js, there is nothing phenomenally interesting, just skeleton code. The manifest does pull in a bunch of development dependencies ...
Infosecurity Magazine

“IndonesianFoods” npm Worm Publishes 44,000 Malicious Packages

“After GlassWorm showed how quickly a malicious package could self-replicate across npm, and the chalk/debug hijacking ...
SecurityWeek

Tens of Thousands of Malicious NPM Packages Distribute Self-Replicating Worm

A threat actor has published tens of thousands of malicious NPM packages that contain a self-replicating worm, security ...
The Hacker News

Over 67,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack

The coordinated campaign has so far published as many as 46,484 packages, according to SourceCodeRED security researcher Paul ...
The Hacker News

Npm Package Targeting GitHub-Owned Repositories Flagged as Red Team Exercise

Cybersecurity researchers have discovered a malicious npm package named "@acitons/artifact" that typosquats the legitimate " ...