How-To Geek: NPM packages are infected with malware, again. βIt should be noted that the issue actually seems to spill over into the Maven ecosystem. Researchers observed that the malicious payload was present in org.mvnpm:posthog-node, a Maven artifact automatically generated from npm packages. This confirms that the automated bridging of software ecosystems can inadvertently bridge security [β¦]
https://rbfirehose.com/2025/11/26/how-to-geek-npm-packages-are-infected-with-malware-again/
π Oh joy, another thrilling episode of "Whack-a-Mole: Software Edition," where 300+ NPM packages show us that open source security is an oxymoron! π #HelixGuard struts in with their clipboard and magnifying glass, ready to save the dayβright after the damage is done. ππ
https://helixguard.ai/blog/malicious-sha1hulud-2025-11-24 #openSourceSecurity #NPMpackages #softwareVulnerabilities #cybersecurity #HackerNews #ngated
Moving Beyond the NPM elliptic Package
If you're in a hurry, head on over to soatok/elliptic-to-noble and follow the instructions in the README in order to remove the elliptic package from your project and all dependencies in node_modules. Art: CMYKat Why replace the elliptic package? Yesterday, the Trail of Bits blog published a post about finding cryptographic bugs in the elliptic library (a Javascript package on NPM) by using the Wycheproof.
http://soatok.blog/2025/11/19/moving-beyond-the-npm-elliptic-package/
#npm #crypto #cryptography #elliptic #security #infosec #cve #mitigation #appsec #javascript #js #npm #npmsecurity #npmpackages
There's a new release for bgg-client, my JavaScript library for making it easier to use the BoardGameGeek API in your apps!
I've added validation, and have done a lot of work behind the scenes to ensure data integrity, more consistent typing, and better type-safety.
Just dropped a new release of bgg-client with a breaking change:
An API key from BoardGameGeek is now required.
π©β¨ "Let the little guys in," they say, as if trusting your bank account and ChatGPT with any random npm package is the next big thing! π€‘ Hereβs a revolutionary thought: instead of locking down data, letβs just open the floodgates and watch as the personalized web devolves into majestic chaos. ππ
https://arjun.md/little-guys #OpenData #WebChaos #npmPackages #TrustInTech #PersonalizedWeb #HackerNews #ngated
A colleague pointed me to this:
https://www.reversinglabs.com/blog/ethereum-contracts-malicious-code
TLDR: Some #malware in fake #npmpackages downloaded and executes commands stored in an #Ethereum #smartcontract , effectively abusing the contract as a command-and-control server.
Malicious npm Packages Exploit Ethereum Smart Contracts
https://www.infosecurity-magazine.com/news/malicious-npm-packages-exploit/
#Infosec #Security #Cybersecurity #CeptBiro #NpmPackages #Exploit #Ethereum #SmartContracts
Scavenger Malware Compromises Popular npm Packages to Target Developers
https://gbhackers.com/scavenger-malware-compromises-popular-npm-packages/
#Infosec #Security #Cybersecurity #CeptBiro #Scavenger #Malware #npmPackages #Developers
i keep forgetting to update packages whom i dont use often, cons of installing packages as standalone, but still way easier than rebuilding packages from source after every major update.
#npm #NPMPackages
Malicious NPM packages target PayPal users
https://securityaffairs.com/176530/security/malicious-npm-packages-to-steal-paypal-credentials.html
#Infosec #Security #Cybersecurity #CeptBiro #NPMpackages #PayPalUsers
Lazarus Hackers Exploit 6 NPM Packages to Steal Login Credentials
https://gbhackers.com/lazarus-hackers-exploit-6-npm-packages/
#Infosec #Security #Cybersecurity #CeptBiro #Lazarus #Exploit #NPMPackages #LoginCredentials
Malicious npm Packages Attacking Developers To Steal Sensitive Data Including Private Keys
https://cybersecuritynews.com/malicious-npm-packages-attacking-developers/
#Infosec #Security #Cybersecurity #CeptBiro #npmPackages #Developers #Steal #SensitiveData #PrivateKeys
Supply Chain Attack Hits Rspack, Vant npm Packages with Monero Miner
https://hackread.com/supply-chain-attack-rspack-vant-npm-monero-miner/
#Infosec #Security #Cybersecurity #CeptBiro #SupplyChainAttack #Rspack #Vant #NpmPackages #MoneroMiner
Level up your @react game βοΈ with these handpicked π€ NPM packages! π From state management to UI components, discover tools that'll supercharge your projects. β‘
π https://www.wrappixel.com/best-react-npm-packages/
#React #NPMPackages #webdesign #reactdevelopers #Frontend #Development #Coding #Tech #Software #Programming #WebDevelopment #UI #UX #Design #Developer #Code #SoftwareEngineer #WebDeveloper #FrontendDeveloper #Tools #resources
