Dangerous npm packages are targeting developer credentials on Windows, Linux and Mac - here's what we know

Recently, security researchers Socket found 10 packages on npm targeting software developers, specifically those who use the ...
Infosecurity Magazine

Npm Malware Uses Invisible Dependencies to Infect Dozens of Packages

The ongoing ‘PhantomRaven’ malicious campaign has infected 126 npm packages to date, representing 86,000 downloads ...
Hackaday

PhantomRaven Attack Exploits NPM’s Unchecked HTTP URL Dependency Feature

Having another security threat emanating from Node.js’ Node Package Manager (NPM) feels like a weekly event at this point, ...

Malicious NPM packages fetch infostealer for Windows, Linux, macOS

Ten malicious packages mimicking legitimate software projects in the npm registry download an information-stealing component ...
InfoWorld

What is Deno? A ‘better’ Node.js

If you like Node.js but not its package manager npm, or you want a more secure JavaScript runtime environment than Node.js, you might find the new open source project Deno of interest (the word Deno ...
The Hacker News

10 npm Packages Caught Stealing Developer Credentials on Windows, macOS, and Linux

Ten typosquatted npm packages (Jul 4, 2025) delivered a 24MB PyInstaller info stealer using 4 obfuscation layers; ~9,900 ...

PhantomRaven attack floods npm with credential-stealing packages

An active campaign named 'PhantomRaven' is targeting developers with dozens of malicious npm packages that steal ...
ZDNet

Could TypeScript replace JavaScript? Use of programming language spin-off soars

There's now more evidence that Microsoft's language for scaled-up JavaScript, TypeScript, is becoming an essential for developers building for the internet. Developer analyst firm RedMonk last month ...