InfoWorld

From typos to takeovers: Inside the industrialization of npm supply chain attacks

A dramatic spike in npm-focused intrusions shows how attackers have shifted from opportunistic typosquatting to systematic, credential-driven supply chain compromises — exploiting CI systems, ...
GitHub

A practical functional toolkit for JavaScript and TypeScript.

Written in TypeScript with full type safety, fp-pack works seamlessly in both JavaScript and TypeScript projects. fp-pack is a focused collection of functional programming utilities designed for ...
GitHub

Transform ESM imports to CJS requires when the imported module is pure CJS.

Some packages only provide CJS builds (e.g., typescript, @babel/parser), and importing them using ESM syntax increases Node's cjs-module-lexer overhead. This plugin converts ESM imports to CJS ...
SiliconANGLE

Shai Hulud malware turns developers into unwitting distributors in NPM supply chain attacks

A new report out today from managed detection and response company Expel Inc. details a newly identified variant of the Shai Hulud malware that is demonstrating how software supply chain attacks are ...