Related Articles from SNS
Upcoming breaking changes for NPM v12
Upcoming breaking changes for npm v12 Our next npm major version, v12, introduces security-related default changes to npm install. All these changes are available behind warnings in npm today on 11.16.0 or newer, so you can prepare before the upgrade. v12 is estimated to release in July 2026.
GitHub pulls pin on npm's auto-run scripts
GitHub will change npm's defaults so the install command no longer runs scripts automatically, disabling a feature commonly exploited by malicious packages such as the notorious Shai-Hulud worm. Maintainer Leo Balter said: "Install-time lifecycle scripts are the single largest code-execution surface in the npm ecosystem. Every npm install runs scripts from every transitive dependency, so a single compromised package anywhere in your tree can execute arbitrary code on a developer machine or...
Shai-Hulud malware worms Red Hat npm package versions downloaded 80K times a week
Security researchers on Monday found dozens of Red Hat npm package releases infected with the Mini Shai-Hulud worm that TeamPCP cybercriminals recently open-sourced. The new supply chain attack hit at least 32 npm package releases published under the Red Hat Cloud Services namespace, according to security researchers from Google-owned Wiz, who traced the malware to one Red Hat employee’s compromised GitHub account. They said the affected packages are downloaded around 80,000 times a week.
Lone attacker published 14 malicious npm packages mimicking popular OpenSearch, Elasticsearch libraries
A single npm user on Thursday published 14 malicious packages within a four-hour window, all mimicking popular OpenSearch, Elasticsearch, DevOps, and environment-configuration libraries, according to Microsoft. It’s the latest in a seemingly never-ending string of supply chain attacks targeting developer tools, and stealing cloud credentials and CI/CD pipeline secrets in its wake. Using a newly created maintainer alias, vpmdhaj (a39155771@gmail[.]com), the threat actor published 14 packages...
Dozens of Red Hat packages backdoored through its official NPM channel
Official Red Hat NPM accounts have been compromised and used to push a malicious worm that spreads from machine to machine, where it pilfers sensitive credentials in hopes of stealing yet more confidential data, researchers said. The supply-chain attack began Monday and remained active at the time this post went live, according to researchers at security firm Aikido. It’s the result of the threat actor responsible for the hack taking control of @redhat-cloud-services, a legitimate channel in...
NPM packages from RedHat have been compromised
[SECURITY]: Malicious npm releases detected across @redhat-cloud-services/ scope #492
Description
Ref:
- https://www.stepsecurity.io/blog/multiple-redhat-cloud-services-npm-packages-compromised
- https://app.stepsecurity.io/oss-security-feed?q=@redhat-cloud-services
Affected Packages
| Package | Compromised Version |
|---|---|
| @redhat-cloud-services/chrome | 2.3.1 |
...
Show HN: Solving complex optimization problems with Google OR-Tools in browser
Solve complex optimization models from TypeScript with Google OR-Tools running as multithreaded WebAssembly. Used in PragmaPlanner Run the local test site: npm install npm run dev Install from npm: npm install or-tools-wasm Import the solver API you need from its subpath: import { CpSat } from 'or-tools-wasm/cp-sat'; Public solver APIs live under solver-scoped subpaths: import { CpModel, CpSolver } from 'or-tools-wasm/cp-sat'; import { RoutingIndexManager, RoutingModel } from...
The IsUpMap lets you check the status of over 100 major sites at once
Live status for 80+ popular internet services isUpMap is a real-time status heatmap that checks whether the services you depend on are up, degraded, or down right now. The live dashboard requires JavaScript, but here's what we monitor: - AI: OpenAI, Anthropic, xAI, Groq, Perplexity, Hugging Face, ElevenLabs, Cursor and more. - Developer & Cloud: GitHub, Cloudflare, AWS, Vercel, Netlify, npm, Docker, GitLab, Supabase, Firebase. - Payments: Stripe, Coinbase, Shopify, Plaid, Square, Klarna. -...