CSOonline

Prettier-ESLint npm packages hijacked in a sophisticated supply chain attack

Popular configuration packages for integrating Prettier with ESLint, the widely used code formatting tools within JavaScript and TypeScript projects, were hijacked after a maintainer fell victim to a ...
TechRadar

More popular npm packages hijacked to spread malware

A npm package maintainer has fallen victim to a phishing attack The attackers accessed packages and updated them to carry malware Most antivirus programs are still not properly flagging the malicious ...
Bleeping Computer

Malicious NPM packages fetch infostealer for Windows, Linux, macOS

Ten malicious packages mimicking legitimate software projects in the npm registry download an information-stealing component that collects sensitive data from Windows, Linux, and macOS systems. The ...
heise online

Infostealer for Windows, macOS and Linux found in ten packages on npm

Since the beginning of July, packages with well-hidden malicious code have been available in the JavaScript package manager npm. The company Socket, which specializes in software supply chain security ...