A cryptocurrency thief got into the npm account of a hard-working developer via spearphishing. node.js packages with billions ...

JavaScript is a sprawling and ever-changing behemoth, and may be the single-most connective piece of web technology. From AI ...

JavaScript packages with billions of downloads were compromised by an unknown threat actor looking to steal cryptocurrency.

NPM developer qix's account compromise potentially puts user funds at risk by compromising library dependencies used by ...

作者 | Bruno Couriol译者 | 平川Node.js 团队 最近发布了 Amaro v1.0.0，向稳定支持 TypeScript 迈出了重要一步。Amaro 是 Node 官方提供的类型剥离加载器，也是官方.ts 加载的重要基础。长期以来，Node.js 一直缺乏对 TypeScript 的支持，开发者不得不依赖第三方工具链或使用像 Deno 这样的 JavaScript 运行时替代 ...

Qix is an open source maintainer account that was compromised by a phishing attack. This allowed attackers to infect 18 popular npm packages with malicious code. Together, these packages are ...

Binance reassures customers after a massive NPM supply chain attack injects malicious code into 18 popular JavaScript ...

Mosyle security firm has discovered malware bypassing antivirus software on Windows, macOS, and Linux. The research firm ...

Billions (No, that's not a typo, Billions with a capital B) of files were potentially compromised. If you thought Node Package Manager (npm), the Billions of downloads were potentially compromised ...

An attack targeting the Node.js ecosystem was just identified — but not before it compromised 18 npm packages that account ...

ModStealer 不仅针对 macOS，还能在 Windows 和 Linux 系统运行，其核心目的是窃取数据，尤其是加密货币钱包、账号凭证、配置文件和证书。研究人员发现，该恶意软件内置针对 56 种浏览器钱包扩展（包括 ...