NPM CEO Bryan Bogensberger has resigned from his position. NPM is known for its free JavaScript tools that are popular with developers.

When a developer 'unpublished' his work from the NPM JavaScript package registry, it broke dependencies for many other projects -- and highlighted the fragility of the open source ecosystem ...

The security team behind the "npm" repository for JavaScript libraries removed two npm packages this Monday for containing malicious code that installed a remote access trojan (RAT) on the ...

Two malicious packages have been discovered in the npm JavaScript package index, which masquerades as useful utilities but, in reality, are destructive data wipers that delete entire application ...

A bug in npm (Node Package Manager), the most widely used JavaScript package manager, will change ownership of crucial Linux system folders, such as /etc, /usr, /boot.

In a newly discovered supply chain attack, attackers last week targeted a range of npm-hosted JavaScript type testing utilities, several of which were successfully compromised to distribute ...

The Enclave NPM module currently under development will offer smoother project setup in Facebook’s React JavaScript UI library. Enclave provides an NPM for compiling JSX and ECMAScript 2015 code ...

Microsoft announced that it's reached an agreement to acquire npm. npm has a massive repository of over 1.3 million packages. Now, Microsoft can help grow the JavaScript ecosystem and ...

After last week a popular JavaScript library started showing full-blown ads in the npm command-line interface, npm, Inc., the company that runs the npm tool and website, has taken a stance and ...

Researchers have determined that two fake AWS packages downloaded hundreds of times from the open source NPM JavaScript repository contained carefully concealed code that backdoored developers ...