Shai-Hulud cyberattack hits over 25,000 npm projects, stealing developer credentials

Shai-Hulud cyberattack targets more than 25,000 npm projects, stealing developers' credentials.
InfoWorld

GitHub bolsters NPM access control

New granular access tokens allow NPM package maintainers to restrict which packages, scopes, and organizations a token has access to. Looking to improve the safety and security of NPM JavaScript ...
Crowdfund Insider

Regtech SlowMist Analyzes Malicious Code Stealing Sensitive Keys, Private Information

Regtech firm SlowMist noted that recently, the NPM ecosystem experienced another large-scale package poisoning incident.
CSO Online

New Shai-Hulud worm spreading through npm, GitHub

The latest version also executes malicious code during the preinstall phase, and is bigger and faster than the first wave, ...
Crypto News

Massive NPM Supply-Chain Attack Targets ENS-Linked Libraries in Shai Hulud Breach

Shai-Hulud malware infiltrates 490 NPM packages, stealing API keys and credentials from ENS and major crypto development ...