Linux Journal

Installing and Using Yarn on Ubuntu

Yarn is a powerful JavaScript package manager that is compatible with npm and helps automate the process of installing, updating, configuring, and removing npm packages. Yarn provides speed and ...
InfoQ

Making 'npm install' Safe

At QCon New York 2019, Kate Sills, a software engineer at Agoric, discussed some of the security challenges in building composable smart contract components with JavaScript. Two emerging TC39 ...
GIGAZINE

The popular @ctrl/tinycolor package, downloaded over 2 million times per week, has been compromised along with over 40 other NPM packages in a sophisticated supply chain attack ...

The malware used in Shai-Hulud is capable of self-propagation, automatically infecting other packages managed by the maintainer of the infected package. It also harvests credentials from developer ...
Bleeping Computer

GitHub finds 7 code execution vulnerabilities in 'tar' and npm CLI

GitHub security team has identified several high-severity vulnerabilities in npm packages, "tar" and "@npmcli/arborist," used by npm CLI. The tar package receives 20 million weekly downloads on ...

Malicious NPM packages fetch infostealer for Windows, Linux, macOS

Ten malicious packages mimicking legitimate software projects in the npm registry download an information-stealing component ...
TechCrunch

Facebook partners with Google, others to launch a new JavaScript package manager

Facebook today launched Yarn, a new package manager for JavaScript. If you’ve every worked with JavaScript and Node.js, chances are that you’ve used the npm package manager to find and reuse existing ...