
Widespread Supply Chain Compromise Impacting npm Ecosystem …
Sep 23, 2025 · Conduct a dependency review of all software leveraging the npm package ecosystem. Check for package-lock.json or yarn.lock files to identify affected packages, …
A Guide to the Recent Node Package Manager (NPM) Compromise
In September 2025, attackers successfully compromised 18 widely used NPM packages, including debug, chalk, ansi-styles, and strip-ansi. These packages collectively have billions of …
npm Supply Chain Attack Hits Packages With Billions of Weekly …
Sep 9, 2025 · A phishing-led npm supply chain attack briefly compromised 18 popular packages (~2.6B weekly downloads), injecting code to hijack crypto wallet transactions. Malicious …
NPM Security - OWASP Cheat Sheet Series
The following cheatsheet covers several npm security best practices and productivity tips, useful for JavaScript and Node.js developers. This list was originally based on the 10 npm security …
Malicious npm packages found to create a backdoor in legitimate code
Mar 27, 2025 · Researchers found malicious packages on the npm registry that, when installed, inject malicious code into legitimate npm packages already residing on developers’ machines.
19 npm Packages Compromised in Major Supply-Chain Attack
Sep 8, 2025 · There were two key ways this vulnerability could have put organizations at risk: One of the compromised packages was used for the first time, and the malicious version ended up …
advisories - npm search
Audits NPM, Yarn, and PNPM projects in CI environments.
Malicious Code Hidden in NPM Packages | Cycode
Jan 15, 2025 · On December 28, 2024, three malicious packages were uploaded to the NPM ecosystem: These packages came from different contributors and appeared legitimate at first …
Malicious Packages Hidden in NPM | FortiGuard Labs
Oct 2, 2023 · Over the past few months, the FortiGuard Labs team has discovered several malicious packages hidden in NPM (Node Package Manager), the largest software registry for …
How to Fix Security Vulnerabilities with NPM - GeeksforGeeks
Jul 23, 2025 · Using npm you can add packages to your project. When you install any package you get the count of security vulnerabilities; these vulnerabilities are exposed weaknesses that …