The Hacker News

10 npm Packages Caught Stealing Developer Credentials on Windows, macOS, and Linux

Ten typosquatted npm packages (Jul 4, 2025) delivered a 24MB PyInstaller info stealer using 4 obfuscation layers; ~9,900 ...

NPM flooded with malicious packages downloaded more than 86,000 times

Attackers are exploiting a major weakness that has allowed them access to the NPM code repository with more than 100 ...

Claude Code trojan found in NPM

Supply chain security company Safety has discovered a trojan in NPM that masqueraded as Anthropic’s popular Claude Code AI ...
Developer Tech

Malware campaign on npm steals AWS, GCP, and Azure cloud keys

An advanced malware campaign on the npm registry steals the very keys that control enterprise cloud infrastructure.

Malicious NPM packages fetch infostealer for Windows, Linux, macOS

Ten malicious packages mimicking legitimate software projects in the npm registry download an information-stealing component ...
TWCN Tech News

Setup Node.js development environment on Windows

A little bit about Node.js, it is a beautifully written cross-platform open-source JavaScript runtime environment built on Google’s Chrome’s V8 JavaScript engine. Node.js basically lets you code ...
ZDNet

npm bans terminal ads

After last week a popular JavaScript library started showing full-blown ads in the npm command-line interface, npm, Inc., the company that runs the npm tool and website, has taken a stance and plans ...
Redmond Magazine

GitHub Buying JavaScript Company npm Inc.

GitHub, part of Microsoft, announced on Monday that it's agreed to acquire open source JavaScript solutions company npm Inc. Financial terms of the deal weren't described. Nat Friedman, GitHub's CEO, ...