npm tackles its riskiest security issues

With npm v12, GitHub closes a central attack vector: installation scripts from dependencies will only run after explicit approval from July 2026.

Red Hat hit by npm supply‑chain attack - here's how to stay safe

Red Hat hit by npm supply‑chain attack - here's how to stay safe ...
InfoWorld

Inside NPM: Building and sharing JavaScript packages

The Node Package Manager, NPM, has become a powerful and important tool, supporting many different JavaScript frameworks — including JQuery, AngularJS, and React JS. If you’re building JavaScript ...
The Hacker News

145 Mastra npm Packages Compromised via Hijacked Contributor Account

Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.

Miasma campaign poisons 20-plus npm packages, hunts for developer secrets

Microsoft says latest attack targets Leo Platform and RStreams packages, harvesting creds and going after more maintainers ...