Dangerous npm packages are targeting developer credentials on Windows, Linux and Mac - here's what we know

Recently, security researchers Socket found 10 packages on npm targeting software developers, specifically those who use the ...
Hackaday

PhantomRaven Attack Exploits NPM’s Unchecked HTTP URL Dependency Feature

Having another security threat emanating from Node.js’ Node Package Manager (NPM) feels like a weekly event at this point, ...
CSO Online

Malicious packages in npm evade dependency detection through invisible URL links: Report

Researchers outline how the PhantomRaven campaign exploits hole in npm to enable software supply chain attacks.
heise online

Major attack on node.js

A major attack on the supply chain for software packages for the widely used JavaScript runtime environment node.js was discovered on Monday. The attacker has injected obfuscated malicious code into ...
InfoWorld

What is Deno? A ‘better’ Node.js

If you like Node.js but not its package manager npm, or you want a more secure JavaScript runtime environment than Node.js, you might find the new open source project Deno of interest (the word Deno ...
ZDNet

Could TypeScript replace JavaScript? Use of programming language spin-off soars

There's now more evidence that Microsoft's language for scaled-up JavaScript, TypeScript, is becoming an essential for developers building for the internet. Developer analyst firm RedMonk last month ...