Are you a developer who uses npm as the package manager for your JavaScript or Node.js code? If so, do not -- I repeat do not -- upgrade to npm 5.7.0. Nothing good can come of it. As one user reported ...
The NPM (Node Package Manager) registry suffers from a security lapse called "manifest confusion," which undermines the trustworthiness of packages and makes it possible for attackers to hide malware ...
Rebounding from some unwanted publicity and developer angst, npm Inc. has simplified the process of using its enterprise-oriented JavaScript package manager in the cloud. npm Enterprise is now ...
Morning Overview on MSN
Malicious open-source packages have surged 73% in 2026 according to new research
Every time a developer types npm install, they are placing a bet that the package they are pulling into their project is not ...
Morning Overview on MSN
Malicious open-source packages surge 73% in 2026 as threat actors weaponize the software supply chain
In the first five months of 2026, security researchers have flagged more malicious packages on the npm registry than in all ...
Bitwarden has confirmed a serious security incident in which a compromised product was made public. Here's why most users ...
OAKLAND, Calif.--(BUSINESS WIRE)--npm, Inc., which runs the world’s largest software registry and maintains the `npm` software package management application, today announced npm@6, a major update to ...