NodeSource’s Certified Modules service, intended to ensure the safety of NPM modules, becomes generally available on Thursday. Previously available only in a private beta stage, the service for ...

New developments in the popular Node.js ecosystem include curated Certified Modules from NodeSource and a free version of the Orgs collaboration tool from npm Inc. Node.js is an open source, ...

The Cybersecurity and Infrastructure Security Agency (CISA) has released an alert to provide guidance in response to the ...

The node-ipc developer attempt to protest Russia's attack on Ukraine has the unintended consequence of casting more doubt in software supply chain integrity. The developer of a popular JavaScript ...

In addition to runtime, URL parsing, and buffer improvements, the new release promises to preserve native module dependencies across upgrades Node.js, the popular server-side JavaScript platform, has ...

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.

A routine scan of the NPM open source code repository in April turned up several packages using a JavaScript obfuscator to hide their true function. After further investigation, analysts with ...

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a cross-platform RAT. Axios sits in 80% of cloud environments. Huntress confirmed ...