InfoWorld

Did your npm pipeline break today? Check your ‘classic’ tokens

A spate of supply chain attacks forces GitHub’s npm to revoke ‘classic’ tokens. Despite this, larger worries about developer ...
CSOonline

New Shai-Hulud worm spreading through npm, GitHub

The latest version also executes malicious code during the preinstall phase, and is bigger and faster than the first wave, say researchers. A new version of the Shai-Hulud credentials-stealing ...