Malicious npm packages caught installing remote access trojans JavaScript and Node.js developers who installed the jdb.js and db-json.js packages were infected with the njRAT malware.

A new set of 16 malicious NPM packages are pretending to be internet speed testers but are, in reality, coinminers that hijack the compromised computer's resources to mine cryptocurrency for the ...

Malicious NPM packages are part of a malware “barrage” hitting repositories People trust repositories, which makes them the perfect vectors for malware.

Malicious NPM packages pretending to be Roblox libraries are delivering ransomware and password-stealing trojans on unsuspecting users.

An ongoing attack is uploading hundreds of malicious packages to the open source node package manager (NPM) repository in an attempt to infect the devices of developers who rely on code libraries ...