NPM
Related Articles from SNS
Upcoming breaking changes for NPM v12
Our next npm major version, v12, introduces security-related default changes to npm install. All these changes are available behind warnings in npm today on 11.16.0 or newer, so you can prepare before the upgrade. v12 is estimated to release in July 2026.
Shai-Hulud malware worms Red Hat npm package versions downloaded 80K times a week
Security researchers on Monday found dozens of Red Hat npm package releases infected with the Mini Shai-Hulud worm that TeamPCP cybercriminals recently open-sourced. The new supply chain attack hit at least 32 npm package releases published under the Red Hat Cloud Services namespace, according to security researchers from Google-owned Wiz, who traced the malware to one Red Hat employee’s compromised GitHub account. They said the affected packages are downloaded around 80,000 times a week.
Lone attacker published 14 malicious npm packages mimicking popular OpenSearch, Elasticsearch libraries
A single npm user on Thursday published 14 malicious packages within a four-hour window, all mimicking popular OpenSearch, Elasticsearch, DevOps, and environment-configuration libraries, according to Microsoft. It’s the latest in a seemingly never-ending string of supply chain attacks targeting developer tools, and stealing cloud credentials and CI/CD pipeline secrets in its wake. Using a newly created maintainer alias, vpmdhaj (a39155771@gmail[.]com), the threat actor published 14 packages...
Dozens of Red Hat packages backdoored through its official NPM channel
Official Red Hat NPM accounts have been compromised and used to push a malicious worm that spreads from machine to machine, where it pilfers sensitive credentials in hopes of stealing yet more confidential data, researchers said. The supply-chain attack began Monday and remained active at the time this post went live, according to researchers at security firm Aikido. It’s the result of the threat actor responsible for the hack taking control of @redhat-cloud-services, a legitimate channel in...
NPM packages from RedHat have been compromised
[SECURITY]: Malicious npm releases detected across @redhat-cloud-services/ scope #492 (Open)
Ref:
- https://www.stepsecurity.io/blog/multiple-redhat-cloud-services-npm-packages-compromised
- https://app.stepsecurity.io/oss-security-feed?q=@redhat-cloud-services
Affected Packages
| Package | Compromised Version |
|---|---|
| @redhat-cloud-services/chrome | 2.3.1 |
...
Show HN: Solving complex optimization problems with Google OR-Tools in browser
Solve complex optimization models from TypeScript with Google OR-Tools running as multithreaded WebAssembly. Used in PragmaPlanner. Run the local test site: `npm install`, then `npm run dev`. Install from npm: `npm install or-tools-wasm`. Import the solver API you need from its subpath: `import { CpSat } from 'or-tools-wasm/cp-sat';` Public solver APIs live under solver-scoped subpaths: `import { CpModel, CpSolver } from 'or-tools-wasm/cp-sat';` import { RoutingIndexManager, RoutingModel } from...
Waterproof Editor: an educational environment for proof assistants and programming languages
arXiv:2606.01875v1. Abstract: Waterproof Editor provides an educational environment specifically targeted to teaching with proof assistants or programming languages. It arose from Waterproof, educational software targeted at helping students acquire the skill of giving mathematical proofs. Its original features such as enabling rich formatting and providing clear input areas are now abstracted away in an npm package and can be used in different educational contexts.
Rift: Better Alternative to Git Worktrees
rift: better alternative to git worktrees
- copy on write (saves space)
- instant (< 0.1s on 10gb folder)
- fast cli
- use as FFI lib with bun or node
mac and linux+btrfs for now, more support soon
npm install -g rift-snapshot # or bun add -g rift-snapshot
Release archives are available from GitHub Releases.
| Platform | Backend | Behavior |
|---|---|---|
| Linux x64 | Writable btrfs snapshots | rift init converts an ordinary directory into a btrfs subvolume. |