Homeland Security Today

Supply Chain Compromise Impacts Axios Node Package Manager , CISA Alert Warns

The Cybersecurity and Infrastructure Security Agency (CISA) has released an alert to provide guidance in response to the ...
ZDNet

Show-stopping bug appears in npm Node.js package manager

Are you a developer who uses npm as the package manager for your JavaScript or Node.js code? If so, do not -- I repeat do not -- upgrade to npm 5.7.0. Nothing good can come of it. As one user reported ...

Bitwarden Confirms Compromise—Here Are The Facts

Bitwarden has confirmed a serious security incident in which a compromised product was made public. Here's why most users ...

New npm supply-chain attack self-spreads to steal auth tokens

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.
TheServerSide

GitHub's NPM acquisition sparks Microsoft-related worries

GitHub's acquisition this week of NPM Inc., a prominent player in the JavaScript ecosystem, has sparked both worry and welcome from users of the ubiquitous programming language. The company hosts Node ...

Checkmarx-style supply chain attack hits password manager Bitwarden

A malicious version of the Bitwarden command-line interface (CLI) password manager was briefly distributed via the Node ...