Bleeping Computer

Compromised JavaScript Package Caught Stealing npm Credentials

A hacker has gained access to a developer's npm account and injected malicious code into a popular JavaScript library, code that was designed to steal the npm credentials of users who utilize the ...
VentureBeat

Facebook open-sources Yarn, a JavaScript package manager

Facebook today is open-sourcing Yarn, a package manager for efficiently installing JavaScript packages that represent dependencies for applications. Yarn is available now on GitHub under a ...
SD Times

GitHub acquires JavaScript package manager provider npm

Value stream management involves people in the organization to examine workflows and other processes to ensure they are deriving the maximum value from their efforts while eliminating waste — of ...
InfoQ

The Deno Team Releases JSR, a New JavaScript Package Registry

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
Bleeping Computer

JavaScript Packages Caught Stealing Environment Variables

On August 1, npm Inc. — the company that runs the biggest JavaScript package repository — removed 38 JavaScript npm packages that were caught stealing environment variables from infected projects.
Dark Reading

JFrog's New Tools Flag Malicious JavaScript Packages

DevOps security firm JFrog released three open source security tools in response to recent issues with software registry npm to help JavaScript developers detect and prevent the installation of ...
InfoQ

pnpm: a Space-Efficient JavaScript Package Manager

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...