Sign up for our newsletter!
Stay informed on the latest DevOps news

DevOps.com

Tag: npm registry

CISA, secure by design, ReversingLabs, open-source, AI, cybersecurity, tooling, CISA Security Scribe ReversingLabs software supply chain cybersecurity - software supply chain security - risks - cyberattacks - Log4J - vulnerabilities

‘PackageGate’ Vulnerabilities Can Let Attackers Bypass Shai-Hulud Defenses

| | Aikido Security, Bun, Git dependency, github, Koi Security, microsoft, npm registry, PhantomRaven, PNPM, remote code execution, Shai-Hulud worm, supply chain attack, VLT
In the wake of the massive Shai-Hulud supply chain attack that ripped through npm late last year and compromised more than 700 packages and exposed 25,000 repositories, developers in the JavaScript world ...
CISA, secure by design, ReversingLabs, open-source, AI, cybersecurity, tooling, CISA Security Scribe ReversingLabs software supply chain cybersecurity - software supply chain security - risks - cyberattacks - Log4J - vulnerabilities

Attackers Testing New Strain of Shai-Hulud on npm: Aikido

| | Aikido Security, GitHub repositories, information stealing, JavaScript, leaked secrets, npm registry, Shai-Hulud worm
Threat actors behind the virulent Shai-Hulud worm that wreaked havoc in open npm repositories toward the end of 2025 apparently are trying out a new strain that comes with slight modifications. Security ...
Malicious VS Code Extensions Take Screenshots, Steal Info

Malicious VS Code Extensions Take Screenshots, Steal Info

| | AI coding assistant, CI/CD, crates.io security, github, infostealer, Koi Security, Lightshot, malicious extensions, npm registry, VS Code
Developers were the targets of two new malicious Microsoft Visual Studio Code (VS Code) extensions created by a threat actor that security researchers believe is experimenting with methods for delivering information-stealing malware ...
chainguard, supply chain, security,

Malicious Nx Packages Used in Two Waves of Supply Chain Attack

| | github, npm registry, supply chain attacks
The Nx build system was hit by a supply chain attack dubbed “s1ngularity,” leaking thousands of secrets and exploiting AI tools for data theft ...
npm is Scam-Spam Cesspool ¦ Google in Microsoft Antitrust Thrust

npm is Scam-Spam Cesspool ¦ Google in Microsoft Antitrust Thrust

| | Amit Zavery, azure, code repo, code repositories, code repository, GOOG, GOOGL, google, Google Cloud, IaaS, microsoft, Microsoft Azure, MSFT, NPM, npm registry, open source, public repository, Repos, repositories, repository, Repository Security, SEO, Software Supply Chain, software supply chain attacks, Software Supply Chain Security, Software Supply Chains, softwaresupplychain, source code repository, spam, supply chain, supply chain attacks, supply chain security, The Long View
In this week’s #TheLongView: The npm registry suffers spam infestation, and Microsoft makes Google sad ...
Speed NPM Releases NPM Registry

Speed NPM Releases and Gain Confidence Using an NPM Registry

| | development, NPM, npm registry
Building applications in the NPM development life cycle can be very complex. Let’s review the main factors that contribute to this complexity: An endless number of variables: Building applications involves a huge ...