The Hacker News

Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems

Cline CLI 2.3.0 was published with a stolen npm token, installing OpenClaw in an 8-hour attack affecting ~4,000 downloads.
SiliconANGLE

Checkmarx warns of unknown threat actor targeting developers through NPM packages

Researchers at application security testing firm Checkmarx Ltd. today detailed a previously unknown threat actor leveraging NPM packages to target developers to steal source code and secrets. The ...

npmx package browser released as alpha to fix pain of using npmjs

Project initiated by Nuxt lead Daniel Roe attracts wide support thanks to multiple issues with the official interface A new ...
InfoWorld

Inside NPM: Building and sharing JavaScript packages

The Node Package Manager, NPM, has become a powerful and important tool, supporting many different JavaScript frameworks — including JQuery, AngularJS, and React JS. If you’re building JavaScript ...
Threat Post

Discord-Stealing Malware Invades npm Packages

The CursedGrabber malware has infiltrated the open-source software code repository. Three malicious software packages have been published to npm, a code repository for JavaScript developers to share ...
CSOonline

Malicious campaign uses npm packages to support phishing attacks

Researchers have identified yet another malicious use for JavaScript packages hosted on the npm registry: hosting files required by automated phishing kits or slipping phishing pages into applications ...