Compromised files replace npm packages with a combined 2 billion weekly downloads

The "biggest supply chain attack" in the history of npm took place recently, affecting almost two dozen packages.

Over 300 npm packages compromised by self-replicating worm0 0

A new piece of malware is spreading through the popular tinycolor NPM library and more than 300 other packages, some of which ...
Ars Technica

Sabotage: Code added to popular NPM package wiped files in Russia and Belarus

A developer has been caught adding malicious code to a popular open-source package that wiped files on computers located in Russia and Belarus as part of a protest that has enraged many users and ...