News
GitHub security team has identified several high-severity vulnerabilities in npm packages, "tar" and "@npmcli/arborist," used by npm CLI. The tar package receives 20 million weekly downloads on ...
The lurking code-bombs lift Discord tokens from users of any applications that pulled the packages into their code bases. A series of malicious packages in the Node.js package manager (npm) code ...
Bad actors using typo-squatting place 39 malicious packages in npm that went undetected for two weeks. How should the open source community respond?
The popular Nx build system, boasting 4 million downloads each week, was exploited in the first supply chain breach to use AI ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback