Npm

  1. Several packages in the @redhat-cloud-services npm scope were found to carry malicious payloads that fire via a preinstall hook on every npm install, targeting GitHub Actions secrets, AWS, GCP, and other credentials.

  2. Malicious npm releases have been detected across the @redhat-cloud-services/ scope. Warehouses are impacted. According to StepSecurity, multiple Red Hat Cloud Services npm packages have been compromised.

  3. Npm-scan is a modern supply chain security tool for the npm ecosystem, offering static and behavioral analysis to catch threats that other tools like npm audit, Snyk, and Socket miss.