Dangerous npm packages are targeting developer credentials on Windows, Linux and Mac - here's what we know

Recently, security researchers Socket found 10 packages on npm targeting software developers, specifically those who use the ...

PhantomRaven attack floods npm with credential-stealing packages

An active campaign named 'PhantomRaven' is targeting developers with dozens of malicious npm packages that steal authentication tokens, CI/CD secrets, and GitHub credentials.
InfoWorld

Why Node.js waited for OpenSSL security update before patching

Node.js Foundation fixed two critical vulnerabilities in its open source server-side JavaScript platform and addressed the newly patched OpenSSL As promised, the Node.js Foundation updated all ...