Thousands of fake packages flood npm registry in major attack - here's what we know

Over 43,000 dormant spam packages flooded npm in a coordinated two-year campaign Some packages contained worm-like scripts ...

Dangerous npm packages are targeting developer credentials on Windows, Linux and Mac - here's what we know

Recently, security researchers Socket found 10 packages on npm targeting software developers, specifically those who use the npm (Node Package Manager) ecosystem to install JavaScript and Node.js ...
GitHub

Lombiq Node.js Extensions

This project provides several MSBuild-integrated frontend asset pipelines - for building and linting SCSS, JS, Markdown and other arbitrary files. It uses static configuration from your package.json ...