pull down to refresh

We Just Found Malicious Code in the Popular NPM Packagejdstaerk.substack.com/p/we-just-found-malicious-code-in-the
1497 sats \ 18 comments \ @kristapsk 8 Sep 2025 security
related
Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaignthehackernews.com/2026/04/bitwarden-cli-compromised-in-ongoing.html
1134 sats \ 5 comments \ @Scoresby 23 Apr tech devs
'Sha1-Hulud' npm malware is back
377 sats \ 0 comments \ @anon 28 Nov 2025 lightning
Compromised npm package silently installs OpenClaw on developer machineswww.csoonline.com/article/4135449/compromised-npm-package-silently-installs-openclaw-on-developer-machines.html
422 sats \ 4 comments \ @winteryeti 24 Feb AI
Tinycolor npm Package Compromised in (another) Supply Chain Attacksocket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages
1053 sats \ 3 comments \ @aljaz 16 Sep 2025 security
🚨 CRITICAL: supply chain attack on axios
1626 sats \ 8 comments \ @justin_shocknet 31 Mar devs
NPM debug and chalk packages compromisedwww.aikido.dev/blog/npm-debug-and-chalk-packages-compromised
263 sats \ 0 comments \ @hn 8 Sep 2025 tech
NPM security: preventing supply chain attacks | Snyk (2022)snyk.io/blog/npm-security-preventing-supply-chain-attacks/
517 sats \ 20 comments \ @ek 9 Sep 2025 security
PhantomRaven: NPM Malware Hidden in Invisible Dependencieswww.koi.ai/blog/phantomraven-npm-malware-hidden-in-invisible-dependencies
389 sats \ 2 comments \ @kepford 30 Oct 2025 security
Over 100,000 Infected Repos Found on GitHub
1697 sats \ 6 comments \ @0xbitcoiner 29 Feb 2024 security
Malicious Python Packages Replace Crypto Addresses in Developer Clipboardsblog.phylum.io/pypi-malware-replaces-crypto-addresses-in-developers-clipboard
334 sats \ 3 comments \ @rijndael 7 Nov 2022 bitcoin
Experts found 3 malicious packages hiding crypto miners in PyPi repositorysecurityaffairs.com/156897/malware/malicious-packages-pypi-repository.html
813 sats \ 2 comments \ @Gian 5 Jan 2024 security
ECONNREFUSED for `npm install -g pnpm`. help?
259 sats \ 5 comments \ @deSign_r 24 Oct 2024 devs
Which npm package has the largest version number?adamhl.dev/blog/largest-number-in-npm-package/
200 sats \ 3 comments \ @carter 15 Sep 2025 devs
We have identified and removed a malicious version of the Ledger Connect Kittwitter.com/Ledger/status/1735291427100455293
1916 sats \ 16 comments \ @0xbitcoiner 14 Dec 2023 bitcoin
firefox-patch-bin, librewolf-fix-bin and other AUR packages contain malwarelists.archlinux.org/archives/list/aur-general@lists.archlinux.org/thread/7EZTJXLIAQLARQNTMEW2HBWZYE626IFJ/
408 sats \ 2 comments \ @k00b 24 Jul 2025 security
I built an npm library for L402 Lightning payments
1312 sats \ 1 comment \ @satpath 25 Feb lightning devs
Npm Run Hack:Me - A Supply Chain Attack Journeyrxj.dev/posts/npm-run-hack-supply-chain-attack-journey/
661 sats \ 1 comment \ @k00b 12 Mar 2025 devs
Malicious VSCode extensions with millions of installs discoveredwww.bleepingcomputer.com/news/security/malicious-visual-studio-code-extensions-with-millions-of-installs-discovered/
380 sats \ 0 comments \ @Rsync25 9 Jun 2024 security
How we rebuilt Next.js with AI in one weekblog.cloudflare.com/vinext/
1683 sats \ 4 comments \ @winteryeti 26 Feb tech
LiteLLM infected with credential-stealing code via Trivywww.theregister.com/2026/03/24/trivy_compromise_litellm/
503 sats \ 3 comments \ @0xbitcoiner 25 Mar AI
How to Verify the Impact of the Recent NPM Attack on My Wallets?
430 sats \ 29 comments \ @spiderman 11 Sep 2025 bitcoin