InfoWorld

Node.js alert: Google engineer finds flaw in NPM scripts

Node.js developers, run NPM install at your own risk -- a self-replicating worm can easily spread through the ecosystem Never assume a file downloaded from the Internet is safe. That warning also ...
InfoWorld

NPM 4 seeks to fix JavaScript package search

Other breaking changes include removal of the npat config setting, deprecation of the prepublish lifecycle script, and discontinuation partial shrinkwraps NPM Inc. is offering version 4.0.0 of the NPM ...
CSOonline

NPM JavaScript registry suffers massive influx of malware, report says

The NPM JavaScript registry has experienced a jump in malware, including packages related to data theft, crypto mining, botnets, and remote code execution, according to security company WhiteSource.