GitHub

louiss0/javascript-package-delegator

This eliminates the need to remember different commands or continuously switch between package managers when collaborating in diverse teams or managing multiple projects. jpd provides a unified ...
CSOonline

Devs looking for OpenClaw get served a GhostClaw RAT

A malicious npm package posing as an OpenClaw Installer has been caught deploying a remote access trojan (RAT) on victim machines, according to new JFrog research ...
Bleeping Computer

Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps

Threat actors are abusing Pastebin comments to distribute a new ClickFix-style attack that tricks cryptocurrency users into executing malicious JavaScript in their browser, allowing attackers to ...
InfoWorld

Beyond NPM: What you need to know about JSR

NPM, the Node Package Manager, hosts millions of packages and serves billions of downloads annually. It has served well over the years but has its shortcomings, including with TypeScript build ...
Ars Technica

In 1995, a Netscape employee wrote a hack in 10 days that now runs the Internet

Thirty years ago today, Netscape Communications and Sun Microsystems issued a joint press release announcing JavaScript, an object scripting language designed for creating interactive web applications ...
TechCrunch

OpenAI’s new browser is a broadside shot at Google

Today, OpenAI launched its new Atlas web browser in a surprise livestream. The show started with CEO Sam Altman, speaking directly to the audience. “We think AI represents a rare, once-a-decade ...
SD Times

Chainguard launches trusted collection of verified JavaScript libraries

Value stream management involves people in the organization to examine workflows and other processes to ensure they are deriving the maximum value from their efforts while eliminating waste — of ...
HHS

Shai Hulud Burrows Into NPM Repository

An apparent "Dune" aficionado is responsible for perpetrating the first self-propagating attack on the npm JavaScript repository in what a security company has described as being one of the most ...
Krebs on Security

Self-Replicating Worm Hits 180+ Software Packages

At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on ...
adtmag.com

The Worm That Ate JavaScript: Inside the Shai-Hulud Supply Chain Attack

The notification arrived on September 14, 2025, at 17:58 UTC. Somewhere in the sprawling npm registry—home to 2.5 million JavaScript packages that power everything from banking apps to smart ...
decrypt

'Widespread' Crypto Exploit That Created Panic Steals Only $1K From Users

Add Decrypt as your preferred source to see more of our stories on Google. A large-scale hacking exploit targeting JavaScript code with malware that raised alarms earlier this week has managed to ...
dlnews

Huge malware attack targeting crypto exposes DeFi’s Achilles heel

Hackers poisoned JavaScript packages with crypto-stealing malware. The large scale attack exposes a DeFi weak point. The attackers have only stolen a minimal amount so far. GM, Tim here. DeFi is ...