Hacker News
- NPM package event-source-polyfill compromised by political activists https://github.com/Yaffle/EventSource/blob/de137927e13d8afac153d2485152ccec48948a7a/src/eventsource.js 241 comments
- NPM package compromised by author: erases files on RU / BY computers on install https://snyk.io/blog/peacenotwar-malicious-npm-node-ipc-package-vulnerability/ 164 comments
- Compromising Angular via expired NPM publisher email domains https://thehackerblog.com/zero-days-without-incident-compromising-angular-via-expired-npm-publisher-email-domains-7kZplW4x/ 75 comments
- NPM package ‘ua-parser-JS’ with more than 7M weekly download is compromised https://old.reddit.com/r/programming/comments/qdlela/breaking_npm_package_uaparserjs_with_more_than_7m/ 141 comments
- Compromised NPM packages of ua-parser-JS (0.7.29, 0.8.0, 1.0.0) https://github.com/faisalman/ua-parser-js/issues/536 6 comments
- Compromising the integrity of the npm registry http://andyet.net/blog/2012/mar/8/compromising-the-integrity-of-the-npm-registry/ 2 comments
- BREAKING!! NPM package ‘ua-parser-js’ with more than 7M weekly download is compromised https://github.com/faisalman/ua-parser-js/issues/536 937 comments programming
- Hacking 20 high-profile dev accounts could compromise half of the npm ecosystem https://www.zdnet.com/article/hacking-20-high-profile-dev-accounts-could-compromise-half-of-the-npm-ecosystem/ 4 comments programming
- Compromised JavaScript Package Caught Stealing npm Credentials https://www.bleepingcomputer.com/news/security/compromised-javascript-package-caught-stealing-npm-credentials/ 4 comments webdev
- HTTP(S) connections to registry.npmjs.org are not validated, package database not validated; DNS injection could compromise users of npm https://github.com/isaacs/npm/issues/1204 9 comments netsec