ADTmag

The Worm That Ate JavaScript: Inside the Shai-Hulud Supply Chain Attack

The JavaScript development community faced one of its most sophisticated supply chain attacks in September, when a self-replicating worm infiltrated the npm registry and compromised more than 180 ...
InfoWorld

Intro to Nitro: The server engine built for modern JavaScript

The HTTP engine inside Nitro is H3, a server geared for high-performance and portability. H3 provides the core functionality ...

Socket will block it with free malicious package firewall

Socket Firewall Free builds upon the company's safe npm tool by extending scanning capabilities beyond the ...
MediaNama

Why CERT-In Is Warning Startups and IT Companies About Dune-Inspired Malware ‘Shai-Hulud’

CERT-In has issued an advisory warning of Shai-Hulud malware that targets JavaScript’s Node Package Manager (npm) ecosystem ...
The Hacker News

First Malicious MCP Server Found Stealing Emails in Rogue Postmark-MCP Package

According to Koi Security, a legitimate-looking developer managed to slip in rogue code within an npm package called " ...

GitHub acts on npm security after Shai-Hulud worm attack

Microsoft-owned repository GitHub has responded to recent node package manager (npm) attacks such as the Shai-Hulud ...