Threat Post

Discord-Stealing Malware Invades npm Packages

The CursedGrabber malware has infiltrated the open-source software code repository. Three malicious software packages have been published to npm, a code repository for JavaScript developers to share ...
Bleeping Computer

Compromised JavaScript Package Caught Stealing npm Credentials

A hacker has gained access to a developer's npm account and injected malicious code into a popular JavaScript library, code that was designed to steal the npm credentials of users who utilize the ...
CNBC

Microsoft's GitHub agrees to buy code-distribution start-up Npm

Npm Inc. runs a service many developers use to install software on computers. Microsoft-owned GitHub said it will continue to operate the Npm public registry for distributing JavaScript code.