npm

News 4 min read May 19, 2026

Malicious npm Package Compromises Multiple Production Deployments

A 42-line npm package was exploited to infiltrate multiple production environments, highlighting critical supply chain vulnerabilities.

News 3 min read Apr 10, 2026

North Korean Hackers Compromise Axios npm Package in Major Supply Chain Attack

On March 31, 2026, North Korean hackers compromised the Axios npm package, highlighting critical vulnerabilities in the software supply chain.

News 2 min read Apr 3, 2026

Critical Supply Chain Attack Compromises Axios npm Package

On March 31, 2026, the widely-used JavaScript library Axios was compromised in a supply chain attack, leading to the publication of malicious versions containin

News 3 min read Apr 1, 2026

Axios npm Package Compromised in Major Supply Chain Attack

The widely-used Axios npm package was compromised in a significant supply chain attack, affecting millions of applications and exposing sensitive data.

News 2 min read Mar 18, 2026

Shai-Hulud Worm Targets npm Registry, Compromises 1,000+ Packages

The Shai-Hulud worm compromised over 1,000 npm packages, exposing 25,000 GitHub repositories, highlighting critical supply chain security vulnerabilities.

News 2 min read Mar 17, 2026

CISA Warns of Widespread npm Supply Chain Attack Impacting Over 500 Packages

CISA issues an urgent advisory on the Shai-Hulud npm supply chain attack, compromising over 500 packages and urging immediate dependency reviews.