The Hacker News

Researchers Spot Modified Shai-Hulud Worm Testing Payload on npm Registry

A new Shai-Hulud npm strain and a fake Jackson Maven package show how attackers abuse trusted dependencies to steal secrets ...
GovInfoSecurity

Researchers Spot New Shai Hulud Variant

Hackers behind the Shai Hulud malicious npm JavaScript campaign are likely testing a new variant of the malware. Security ...
The Hacker News

27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials

Researchers uncovered 27 malicious npm packages used over five months to host phishing pages that steal credentials from ...
Windows LatestOpinion

JavaScript creator warns against “rushed web UX over native” as Windows 11 leans harder on WebView2 and Electron

JavaScript creator says rushed web UX causes bloat and points to WebView2/Electron as Windows 11’s bigger problem.
GitHub

nrm -- npm registry manager

$ nrm ls * npm ----- https://registry.npmjs.org/ yarn ----- https://registry.yarnpkg.com/ tencent ----- https://mirrors.tencent.com/npm/ cnpm ----- https://r.cnpmjs ...

Worrying WhatsApp attack can steal messages and even accounts

Taking over WhatsApp accounts "The package wraps the legitimate WebSocket client that communicates with WhatsApp. Every ...

Shai Hulud malware turns developers into unwitting distributors in NPM supply chain attacks

Shai Hulud is a malware campaign first observed in September targeting the JavaScript ecosystem that focuses on supply chain ...
GitHub

Gradle Plugin for Node

The plugin is published in the Gradle plugins portal with the com.github.node-gradle.node identifier. It supports Gradle 6.6 and newer, Node.js 10 and newer, and npm 7 or newer. For npm 6 support use ...