New Malicious npm Package Highlights the Speed at Which Supply Chain Risks Propagate

Tenable Research investigated a malicious package in the npm public registry named “amber-src” that underscores the rapid nature of modern supply chain attacks. The package, which was downloaded ...
Ars Technica

NPM flooded with malicious packages downloaded more than 86,000 times

Attackers are exploiting a major weakness that has allowed them access to the NPM code repository with more than 100 credential-stealing packages since August, mostly without detection. The finding, ...