Tag
npm-security
Safeguard articles tagged "npm-security" — guides, analysis, and best practices for software supply chain and application security.
123 articles
Vulnerabilities
Node.js Vulnerabilities: Tracking and Patching at Scale
How to actually keep up with Node.js vulnerabilities across dozens of services — where advisories come from, what to automate, and what still needs a human.
Feb 19, 20255 min read
Threat Intelligence
North Korean Threat Actors Flood npm with Malicious Packages
In 2024, DPRK-linked groups dramatically escalated their campaign to compromise developers through malicious npm packages, using fake job offers and typosquatting to deploy infostealers and backdoors.
Sep 1, 20246 min read
Supply Chain Attacks
ESLint Supply Chain Attack: Malicious npm Packages Targeting Developers
Attackers published malicious packages impersonating ESLint on npm, exploiting developer trust in the popular linting tool to steal credentials.
Feb 3, 20236 min read