Thousands of fake packages flood npm registry in major attack - here's what we know

Over 43,000 dormant spam packages flooded npm in a coordinated two-year campaign Some packages contained worm-like scripts ...

New ‘IndonesianFoods’ worm floods npm with 100,000 packages

A self-spreading package published on npm spams the registry by spawning new packages every every seven seconds, creating ...