JavaScript packages with billions of downloads were compromised by an unknown threat actor looking to steal cryptocurrency.

On September 8, 2025, a single phishing email triggered one of npm’s most damaging supply chain attacks, compromising 18 ...

In a supply chain attack, attackers injected malware into NPM packages with over 2.6 billion weekly downloads after ...

Npm packages are reusable blocks of JavaScript code published to the Node Package Manager registry that developers can ...

"debug" package attack failed; malicious update detected early, minimal impact. Developers urged to check their installations ...

Note: If you’re using MetaMask, Phantom, Trust Wallet, or any crypto app, the advice is simple, take your time, check every ...

The recent attack on the Node Package Manager (NPM) packages of a well-known developer, Josh Junon, known as "qix," has been ...

NPM developer qix's account compromise potentially puts user funds at risk by compromising library dependencies used by ...

NPM supply chain attack compromised 18 popular JavaScript packages, swapping crypto wallet addresses, but quick detection ...

An NPM supply chain attack has prompted Ledger Chief Technology Officer Charles Guillemet to urge crypto users to pause ...

Threat actors injected malicious code into multiple popular NPM packages after their maintainers fell for a well-crafted ...

Hackers launched the largest NPM crypto attack in history and compromised 18 JavaScript packages with billions of downloads.