Dangerous npm packages are targeting developer credentials on Windows, Linux and Mac - here's what we know

Recently, security researchers Socket found 10 packages on npm targeting software developers, specifically those who use the ...

PhantomRaven attack floods npm with credential-stealing packages

An active campaign named 'PhantomRaven' is targeting developers with dozens of malicious npm packages that steal ...
InfoWorld

Why Node.js waited for OpenSSL security update before patching

Node.js Foundation fixed two critical vulnerabilities in its open source server-side JavaScript platform and addressed the newly patched OpenSSL As promised, the Node.js Foundation updated all ...