Skip to content
The Nexus
DossierENTITY

Node Package Manager

Coverage of Node Package Manager in the Nexus archive.

Earliest in view: Apr 22 · 12:57 UTCMost recent: Jun 4 · 15:25 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYJun 4 · 15:25 UTCBLEEPING COMPUTER
    New IronWorm malware hits 36 packages in npm supply-chain attack

    A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm.

  • SECURITYMay 19 · 14:30 UTCBLEEPING COMPUTER
    New Shai-Hulud malware wave compromises 600 npm packages

    Threat actors published over 600 malicious packages to the Node Package Manager index as part of a new Shai-Hulud supply-chain campaign, compromising 600 npm packages. This campaign is a significant attack on the software supply chain. The attack was carried out earlier today.

  • SECURITYMay 18 · 17:28 UTCBLEEPING COMPUTER
    Leaked Shai-Hulud malware fuels new npm infostealer campaign

    The Shai-Hulud malware has been leaked and is being used in new attacks on the Node Package Manager index, with infected packages emerging over the weekend. This malware is fueling a new npm infostealer campaign. The attacks are targeting the npm index.

  • SECURITYApr 22 · 12:57 UTCBLEEPING COMPUTER
    New npm supply-chain attack self-spreads to steal auth tokens

    A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and self-spreading by publishing malicious packages from compromised accounts. The attack exploits the npm package distribution system to propagate and exfiltrate authentication tokens.

Node Package Manager · Dossier · The Nexus