The Hacker News

10 npm Packages Caught Stealing Developer Credentials on Windows, macOS, and Linux

Ten typosquatted npm packages (Jul 4, 2025) delivered a 24MB PyInstaller info stealer using 4 obfuscation layers; ~9,900 ...
Bleeping Computer

npm dependency is breaking some React apps today — here's the fix

Tons of users are reporting their Facebook Create React App builds are failing since yesterday. The cause has been traced down to a dependency used by create-react-app, the latest version of which is ...
InfoWorld

Wave of npm supply chain attacks exposes thousands of enterprise developer credentials

A sophisticated supply chain attack has compromised the widely-used Nx build system package and exposed thousands of enterprise developer credentials. The campaign weaponized artificial intelligence ...
Ars Technica

Destructive malware available in NPM repo went unnoticed for 2 years

Researchers have found malicious software that received more than 6,000 downloads from the NPM repository over a two-year span, in yet another discovery showing the hidden threats users of such open ...