InfoWorld

Did your npm pipeline break today? Check your ‘classic’ tokens

A spate of supply chain attacks forces GitHub’s npm to revoke ‘classic’ tokens. Despite this, larger worries about developer ...

Gemini's command line tool is a productivity game changer, and it's free - how I use it

If you want to add Gemini AI to your Linux terminal workflow, you'll be surprised at how easy it is to install and use.
The Hacker News

Over 67,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack

Cybersecurity researchers are calling attention to a large-scale spam campaign that has flooded the npm registry with thousands of fake packages since early 2024 as part of a likely financially ...
TechSpot

Breach of npm threatens billions of weekly downloads in JavaScript ecosystem

What the Script: Supply chain attacks are traditionally designed to inflict maximum damage on structured organizations or companies. However, when such an attack compromises a supply chain that an ...
CoinTelegraph

Crypto users urged to take extreme care as NPM attack hits core JavaScript libraries

The breach hit core JavaScript libraries such as chalk and strip-ansi, downloaded billions of times each week, raising alarms over the security of open-source software. Hackers have compromised widely ...
CSOonline

Supply chain attack compromises npm packages to spread backdoor malware

In a newly discovered supply chain attack, attackers last week targeted a range of npm-hosted JavaScript type testing utilities, several of which were successfully compromised to distribute malware.
Bleeping Computer

NPM package ‘is’ with 2.8M weekly downloads infected devs with malware

The popular NPM package 'is' has been compromised in a supply chain attack that injected backdoor malware, giving attackers full access to compromised devices. This occurred after maintainer accounts ...
InfoQ

JSON Modules Can Now Be Imported in JavaScript in All Modern Browsers, CSS Modules to Follow

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
GitHub

Deno fails to import npm modules

deno 2.2.2 (stable, release, x86_64-unknown-linux-gnu) v8 13.4.114.9-rusty typescript 5.7.3 ... "imports": { "openai": "npm:openai@^4.86.1" } ... deno run --env-file ...
PV Tech

Brazil increases import tariffs on solar modules to 25%

Brazil had already raised its import tax rate on solar modules to 9.6% on 1 January 2024. Image: Unsplash. The Brazilian government has raised the import tax rate on solar modules from 9.6% to 25%.
Ars Technica

Hundreds of code libraries posted to NPM try to install malware on dev machines

An ongoing attack is uploading hundreds of malicious packages to the open source node package manager (NPM) repository in an attempt to infect the devices of developers who rely on code libraries ...
Hacker

Claude AI runs JavaScript, Python beats JavaScript on GitHub, & Node.js updates - This Week in JS

We are a weekly podcast and newsletter made to deliver quick and relevant JavaScript updates in just under 4 minutes. We are a weekly podcast and newsletter made to deliver quick and relevant ...