Bleeping Computer

GitHub finds 7 code execution vulnerabilities in 'tar' and npm CLI

GitHub security team has identified several high-severity vulnerabilities in npm packages, "tar" and "@npmcli/arborist," used by npm CLI. The tar package receives 20 million weekly downloads on ...
CSO Online

Malicious packages in npm evade dependency detection through invisible URL links: Report

Researchers outline how the PhantomRaven campaign exploits hole in npm to enable software supply chain attacks.

Claude Code trojan found in NPM

Supply chain security company Safety has discovered a trojan in NPM that masqueraded as Anthropic’s popular Claude Code AI ...