Open source software developers’ reputations could be abused to spread malicious NPM packages without their knowledge or consent, security researchers have revealed. On April 26, the...
The Open Source Security Foundation (OpenSSF), a Linux Foundation-backed initiative, has released its first prototype version of the ‘Package Analysis’ tool that aims to catch and...
A ‘logical flaw’ in the npm registry enabled authors of malicious packages to quietly add anyone and any number of users as ‘maintainers’ to their packages in an...
Developers are increasingly voicing their opinions through their open source projects in active use by thousands of software applications and organizations. To do this, a maintainer...
This month, the developer behind the popular npm package ‘node-ipc’ released sabotaged versions of the library in protest of the ongoing Russo-Ukrainian War. Newer versions of the ‘node-ipc’ package began...
The largest software registry of Node.js packages, npm, has disclosed multiple security flaws that were identified and remedied recently. The first flaw concerns a leak of the names of private npm...
Hackers hijacked the popular UA-Parser-JS NPM library, with millions of downloads a week, to infect Linux and Windows devices with cryptominers and password-stealing trojans in a supply-chain...
Microsoft has once again been successfully hit by a dependency hijacking attack. Previously, as first reported by BleepingComputer, a researcher had ethically hacked over 35 major tech...
GitHub has recently expanded its secrets scanning capabilities to repositories containing PyPI and RubyGems registry secrets. The move helps protect millions of applications built by Ruby and Python developers who...
Popular npm library netmask has a critical networking vulnerability. netmask is frequently used by hundreds of thousands of applications to parse IPv4 addresses and CIDR blocks or compare...