InfoQ

npm 4.0 Deprecates Prepublish Lifecycle Script

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Cory Benfield discusses the evolution of ...
Infosecurity-magazine.com

FortiGuard Uncovers Deceptive Install Scripts in npm Packages

A series of malicious packages hidden within the Node Package Manager (npm), the largest software registry for JavaScript, has been uncovered. According to a new advisory published by FortiGuard on ...
CSO Online

Compromised npm package silently installs OpenClaw on developer machines

While the AI itself wasn’t weaponized, the technique raises concerns about AI agents with broad system access.
InfoWorld

Node.js alert: Google engineer finds flaw in NPM scripts

Node.js developers, run NPM install at your own risk -- a self-replicating worm can easily spread through the ecosystem Never assume a file downloaded from the Internet is safe. That warning also ...
InfoWorld

NPM 4 seeks to fix JavaScript package search

Other breaking changes include removal of the npat config setting, deprecation of the prepublish lifecycle script, and discontinuation partial shrinkwraps NPM Inc. is offering version 4.0.0 of the NPM ...
Windows Central

Microsoft's GitHub acquires npm to help JavaScript developers

Microsoft continues its push towards open source development with its acquisition of npm. When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.
ZDNet

npm bans terminal ads

After last week a popular JavaScript library started showing full-blown ads in the npm command-line interface, npm, Inc., the company that runs the npm tool and website, has taken a stance and plans ...