North Korean hackers published backdoored versions of the Axios NPM package using a compromised long-lived access token.
A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...
Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...
Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...
UNC1069 compromised Axios 1.14.1 and 0.30.4 via social engineering, impacting 100M weekly downloads and exposing supply ...
NPM Inc.’s NPM Orgs tool, which has been available as a paid service for JavaScript and Node.js development teams collaborating on private code, is now available for free use by teams working on open ...
Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Agent workflows make transport a first-order ...
Further, Deno 1.26 updates the Node.js streams implementation to use the readable-stream@4.1.0 NPM module, allowing Deno to better keep up with breaking changes and new features. Within this ...
Two code packages named "nodejs-encrypt-agent" in the popular npm JavaScript library and registry recently were discovered containing the open source information-stealing TurkoRat malware. Researchers ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results