NPM Explained - Search News

Bitwarden CLI compromised in supply chain attack: hundreds of developers have installed malware

Hackers injected credential-stealing malware into the Bitwarden CLI tool via a supply chain attack on the NPM package, ...

Security Boulevard

No Off Season: Three Supply Chain Campaigns Hit npm, PyPI, and Docker Hub in 48 Hours

Three supply chain attacks hit npm, PyPI, and Docker Hub between April 21–23, 2026. All three targeted secrets: API keys, cloud credentials, SSH keys, and tokens from developer environments and CI/CD ...

Bleeping Computer

Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub

Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in the npm registry in a new Shai-Hulud supply-chain campaign. The malicious ...

Infosecurity-magazine.com

Open Source Community Thwarts Massive npm Supply Chain Attack

A potential npm supply chain disaster was averted in record time after attackers took over a verified developer’s credentials. On September 8, Josh Junon, a developer with over 1800 GitHub ...

Results that may be inaccessible to you are currently showing.

Hide inaccessible results