@loar then you would have to go in and review the details of the web server config. I use a container with nginx proxy manager and configure all the redirects and certificates from there. It's the simplest way.
Masquerading payment npm package installs backdoor https://www.developer-tech.com/news/masquerading-payment-npm-package-installs-backdoor/ #npm #javascript #developers #coding #programming #hacking #security #infosec #tech #news #technology
Atomic and Exodus crypto wallets targeted in malicious npm campaign
A malicious npm package named pdf-to-office was discovered targeting cryptocurrency wallets. The package, posing as a PDF to Office converter, injects malicious code into locally installed Atomic and Exodus wallets. This attack modifies legitimate files to redirect crypto funds to the attacker's wallet. The campaign shows persistence, as removing the malicious package doesn't remove the injected code from the wallets. Multiple versions of both wallets were targeted, with the attackers adapting their code accordingly. This incident highlights the growing scope of software supply chain risks, particularly in the cryptocurrency industry, and emphasizes the need for improved monitoring of both source code repositories and locally deployed applications.
Pulse ID: 67fd41f7af4b02a0fd75fb69
Pulse Link: https://otx.alienvault.com/pulse/67fd41f7af4b02a0fd75fb69
Pulse Author: AlienVault
Created: 2025-04-14 17:12:23
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
Malicious #NPM packages target #PayPal users
https://securityaffairs.com/176530/security/malicious-npm-packages-to-steal-paypal-credentials.html
#securityaffairs #hacking
Properly patching packages: persistently producing patches for published projects, particularly practically prevented by patch-package policy
How to use `patch-package` to modify NPM dependencies, for instance when you're distributing an executable and you want to patch something you rely upon, without relying upon `postinstall` scripts. https://fed.brid.gy/r/https://www.jvt.me/posts/2025/04/12/patch-package-distribute/
FYI: Absolutely do not use AI to generate any files that specify what packages to include in your project:
https://www.theregister.com/2025/04/12/ai_code_suggestions_sabotage_supply_chain/
“slopsquatting, a new term for a surprisingly effective type of software supply chain attack that emerges when LLMs “hallucinate” package names that don’t actually exist. If you’ve ever seen an AI recommend a package and thought, “Wait, is that real?”—you’ve already encountered the foundation of the problem.
And now attackers are catching on.”
The Rise of Slopsquatting: How #AI Hallucinations Are Fueling... https://socket.dev/blog/slopsquatting-how-ai-hallucinations-are-fueling-a-new-class-of-supply-chain-attacks #npm #dev #infosec
Edit: more info: https://www.bleepingcomputer.com/news/security/ai-hallucinated-code-dependencies-become-new-supply-chain-risk/
#OpenSource Poisoned #Patches Infect Local #Software. Malicious packages lurking on open source repositories like #npm have become less effective, so cyberattackers are using a new strategy: offering "patches" for locally installed programs.
https://www.darkreading.com/cloud-security/open-source-poisoned-patches-infect-local-software
npm: 3 moderate severity vulnerabilities
me: npm audit fix --force
npm: 5 moderate severity vulnerabilities
AAAAAAAAAAAAAAAAAAAAA
Hoo boy am I tired of seeing messages in my browser's JavaScript from some deep transitive dependency of the app I work on, saying "We're about to remove support for <feature that a slightly less nested transitive dependency uses>, sucks to be you."
This whole developer ecosystem is a nightmare of endless compatibility problems, 90% of them trivially avoidable with a moment's thought.
Exactly when I needed it, it appeared to me: NPM's workspaces feature.
Workspaces is a generic term that refers to the set of features in the npm cli that provides support to managing multiple packages from your local file system from within a singular top-level, root package.
workspaces | npm Docs https://docs.npmjs.com/cli/v8/using-npm/workspaces
It seems that while I was building my huge monorepo in good old JS5 #javascript I missed the #npm workspaces concept that emerged somewhere along those years.
Now that I hit the wall with #deno and a bunch of dependency-wise intertwined packages, I've learned about deno's workspace feature that is a reimplementation of npm's workspaces.
Ok, let me see if I can organize my code using workspace(s)...
A backdoor discovered in #npm packages. The npm ecosystem is often the target of attacks by cybercriminals, and #cybersecurity researchers (...)
https://www.lemondeinformatique.fr/actualites/lire-une-porte-derobee-decouverte-dans-des-paquets-npm-96460.html
#security
Malware Found on npm Infecting Local Package With Reverse Shell, by @reversinglabs.com:
https://www.reversinglabs.com/blog/malicious-npm-patch-delivers-reverse-shell
Our guide #npm "Nginx Proxy Manager with #nextcloud" has just been extended with the chapter "Update"
https://www.c-rieger.de/nginx-proxy-manager-mit-nextcloud/#update
We wish you a pleasant weekend!
All #permacomputing projects built with #NPM and #JS are useless. Sorry, you didn't understand permacomputing *at all*. If you at least used Golang, it would run on relatively old machines. But, with #JS, you are just wasting both your time and ours.
AnimeJS v4 has landed. Boy oh boy, it’s probably the sickest JavaScript library for animations.
Anyone else seeing #npm package installation failures? I can see https://status.npmjs.org/incidents/hdtkrsqp134s, but the "scoped to certain keywords" is both weasel-wording and confusing ... #npmjs #javascript #devops
hah, npm issue right now, which https://status.npmjs.org/ was quite tardy in reporting