Bleeping Computer

npm packages caught serving TurkoRAT binaries that mimic NodeJS

Researchers have discovered multiple npm packages named after NodeJS libraries that even pack a Windows executable that resembles NodeJS but instead drops a sinister trojan. These packages, given ...
ZDNet

GitHub tackles severe vulnerabilities in Node.js packages

GitHub has resolved numerous vulnerabilities in Node.js packages tar and @npmcli/arborist, with the worst allowing file overwrites and arbitrary code execution. On Wednesday, GitHub said the company ...
MyBroadband

Researchers discover rogue Node.js packages stealing data

Security researchers from ReversingLabs discovered that 25 software packages available through the node package manager (NPM) have been stealing end-user data. NPM is the world’s largest open-source ...

Red Hat hit by npm supply‑chain attack - here's how to stay safe

Red Hat hit by npm supply‑chain attack - here's how to stay safe ...
The Tech Edvocate

How to update Node.js

Spread the love“`html Node.js has emerged as a powerhouse in the world of server-side development. As developers continuously create and evolve applications, keeping your Node.js environment ...

npm tackles its riskiest security issues

With npm v12, GitHub closes a central attack vector: installation scripts from dependencies will only run after explicit approval from July 2026.
heise online

Node.js: Updated versions patch high-risk security vulnerabilities

Several security vulnerabilities, some classified as high-risk, have been discovered in the popular JavaScript runtime environment Node.js. Updated versions, announced in mid-December, have now been ...
InfoWorld

Open source JavaScript, Node.js devs get NPM Orgs for free

NPM Inc.’s NPM Orgs tool, which has been available as a paid service for JavaScript and Node.js development teams collaborating on private code, is now available for free use by teams working on open ...