App Developer Magazine

npm@6 package manager brings new security features

npm, Inc. has announced npm@6, a major update to its JavaScript software installer tool with new security features for developers who work with open source code. npm@6 will be included as part of the ...
Bleeping Computer

NPM fixes private package names leak, serious authorization bug

The largest software registry of Node.js packages, npm, has disclosed multiple security flaws that were identified and remedied recently. The first flaw concerns leak of names of private npm packages ...
Dark Reading

Npm Plagued With 'Manifest Confusion' Malware-Hiding Weakness

A weakness in Node Package Manager (npm) could allow anybody to hide malicious dependencies and scripts within their packages, a former GitHub employee claims. Npm is owned by GitHub and is used for ...
InfoWorld

Unplugged holes in the npm and yarn package managers could let attackers bypass defenses against Shai-Hulud

A researcher at Koi Security says the two key platforms have not plugged the vulnerabilities enabling the worm attacks, and ...