Bleeping Computer

npm package with 1.4M weekly downloads ditches npmjs.com for own CDN

In a surprising move, the popular open source project, SheetJS aka "xlsx," has dropped support for the npm registry. Downloaded about 1.4 million times weekly on npm, SheetJS is relied upon by NodeJS ...
Bleeping Computer

Popular npm linter packages hijacked via phishing to drop malware

Popular JavaScript libraries were hijacked this week and turned into malware droppers, in a supply chain attack achieved via targeted phishing and credential theft. The attacker(s) used stolen ...
heise online

npmx.dev: New website for npm package search

The open-source project npmx is used for fast searching of npm packages. It focuses on UX, displays vulnerability warnings, and offers a dark mode. On the new website npmx.dev, developers can search ...