Lazarus Group concealed a four-module remote access toolkit inside six fake npm Rollup polyfill packages that fired at import ...
JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
How-To Geek on MSN
I stopped maintaining 30 JSON files by hand with this one tool
Connect all your configuration files and autogenerate code—Jsonnet is the missing piece for large code bases.
valid-repository-directory Enforce that if repository directory is specified, it matches the path to the package.json file 📦 💡 This group of rules allows you to require that the associated top-level ...
From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet
June 19, 2026 update: Microsoft assesses with high confidence that this activity is attributable to Sapphire Sleet, a North Korean state actor that primarily targets the financial sector. The ...
A new "coordinated" supply chain attack campaign has impacted eight packages on Packagist including malicious code designed to run a Linux binary retrieved from a GitHub Releases URL. "Although the ...
This is a fully featured package.json scaffolding tool. It goes above and beyond the basic npm init by supporting (almost) all of the keys you can set in a package.json. It can be used as a simple cli ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results