If you found a bug or have a suggestion first check if there is a similar open or closed issue. If there are none then create a new one. If you solved a bug or implemented a feature that may be useful ...

Billions (No, that’s not a typo, Billions with a capital B) of files were potentially compromised. If you thought Node Package Manager (npm), the JavaScript runtime environment Node.js‘s default ...

On September 8, 2025, the npm ecosystem faced its most damaging supply chain attack to date. With one phishing email, an NPM Package Compromised gave attackers access to 18 high-profile JavaScript ...

Hackers launched the largest NPM crypto attack in history and compromised 18 JavaScript packages with billions of downloads. However, they stole less than $50. The largest NPM crypto attack in history ...

Multiple npm packages have been compromised as part of a software supply chain attack after a maintainer's account was compromised in a phishing attack. The attack targeted Josh Junon (aka Qix), who ...

The breach hit core JavaScript libraries such as chalk and strip-ansi, downloaded billions of times each week, raising alarms over the security of open-source software. Hackers have compromised widely ...

NPM developer qix's account compromise potentially puts user funds at risk by compromising library dependencies used by bitcoin wallets. A major NPM developer, qix, has had their account compromised.