Bleeping Computer

Dozens of malicious packages on NPM collect host and network data

60 packages have been discovered in the NPM index that attempt to collect sensitive host and network data and send it to a Discord webhook controlled by the threat actor. According to Socket’s Threat ...
CSOonline

OpenSSF releases npm best practices to help developers tackle open-source dependency risks

The npm Best Practices Guide aims to help JavaScript and TypeScript developers reduce the security risks of using open-source dependencies. The Open Source Security Foundation (OpenSSF) has released ...