CSOonline

OpenSSF releases npm best practices to help developers tackle open-source dependency risks

The npm Best Practices Guide aims to help JavaScript and TypeScript developers reduce the security risks of using open-source dependencies. The Open Source Security Foundation (OpenSSF) has released ...
Dark Reading

Malicious NPM Packages Disguised With 'Invisible' Dependencies

As poisoned software continues to pop up across the industry, some threat actors have found a way to hide malicious code in npm packages and avoid detection from most security tools. In an blog post ...
ZDNet

GitHub tackles severe vulnerabilities in Node.js packages

GitHub has resolved numerous vulnerabilities in Node.js packages tar and @npmcli/arborist, with the worst allowing file overwrites and arbitrary code execution. On Wednesday, GitHub said the company ...