InfoWorld

NPM 5 reworks the cache for speed, but could break existing apps

NPM, the popular JavaScript package manager, is being upgraded for better performance. Expected to be released tomorrow, NPM Version 5.0 is two to six times faster than NPM 4, said Kat Marchan, a ...
Infosecurity-magazine.com

Npm Malware Uses Invisible Dependencies to Infect Dozens of Packages

An ongoing npm credential harvesting campaign operating since August 2025 has been discovered by researchers at Koi Security. The malware, dubbed PhantomRaven by the researchers, is actively stealing ...
Bleeping Computer

NPM ecosystem at risk from “Manifest Confusion” attacks

The NPM (Node Package Manager) registry suffers from a security lapse called "manifest confusion," which undermines the trustworthiness of packages and makes it possible for attackers to hide malware ...