Popular JavaScript library expr-eval vulnerable to RCE flaw

A critical vulnerability in the popular expr-eval JavaScript library, with over 800,000 weekly downloads on NPM, can be ...
The Hacker News

Npm Package Targeting GitHub-Owned Repositories Flagged as Red Team Exercise

Cybersecurity researchers have discovered a malicious npm package named "@acitons/artifact" that typosquats the legitimate " ...

Thousands of fake packages flood npm registry in major attack - here's what we know

Cybersecurity researchers Endor Labs discovered more than 43,000 spam packages which took almost two years to upload in a ...