Content Paint
Search
Sign in
Membership

NPM

 |  cybersecurity  | Jun 16, 2026
What is npm doing to protect the JavaScript ecosystem – and is it enough?
What is npm doing to protect the JavaScript ecosystem – and is it enough?

npm’s attempts to make package publishing safer haven’t stemmed the relentless supply chain attacks: Are they on the right track?

Security  | Mar 31, 2026
Hugely popular npm package, Axios, compromised
Hugely popular npm package, Axios, compromised

“This is among the most operationally sophisticated supply chain attacks ever documented against a top-10 npm package."

 |  Data  | Sep 24, 2025
“My worst fears came true” - hacked maintainer hits out at npm
“My worst fears came true” - hacked maintainer hits out at npm

“You now have this ongoing security incident and nobody of any particular clear authority being able to take control of it. That's a lot of chaos”

 |  Data  | Sep 16, 2025
Hackers drop 'self-propagating’ malware in fresh supply chain attack
Hackers drop 'self-propagating’ malware in fresh supply chain attack

The malicious code creates a 'cascading compromise effect' into dependent ecosystems across npm's registry.

 |  Developer  | Sep 10, 2025
npm attack: calamity averted, what now?
npm attack: calamity averted, what now?

Protect yourself from malicious "phish" swimming upstream in OSS package consumption.

Security  | Aug 03, 2022
GitHub supply chain attack cloned thousands of projects, spoofed genuine users
GitHub supply chain attack cloned thousands of projects, spoofed genuine users

"No-one has the time or sanity to audit every thing every build process pulls in."

Interviews, insight, intelligence, and exclusive events for digital leaders.

© 2026 The Stack
©  2026 The Stack

Search the site
Your link has expired. Please request a new one.
Your link has expired. Please request a new one.
Your link has expired. Please request a new one.
Great! You've successfully signed up.
Great! You've successfully signed up.
Welcome back! You've successfully signed in.
Success! You now have access to additional content.