New PhantomRaven NPM attack wave steals dev data via 88 packages

New attack waves from the 'PhantomRaven' supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers.
InfoWorld

Why local-first matters for JavaScript

Every developer should be paying attention to the local-first architecture movement and what it means for JavaScript. Here’s ...
IEEE

Understanding the NPM Dependencies Ecosystem of a Project Using Virtual Reality

Abstract: Modern JavaScript development relies heavily on using Node Package Manager (NPM) modules. These modules are related by dependency relationships, possibly ...
ZDNet

5 ways to spot software supply chain attacks and stop worms - before it's too late

Shai-Hulud is the worst-ever npm JavaScript attack. This software supply chain worm attack is still ongoing. Here are some ways you can prevent such attacks. For those of you who aren't Dune fans, ...
Visual Studio Magazine

TypeScript 5.9 RC Brings Deferred Imports, Node.js 20 Module Target

TypeScript 5.9 has reached the release candidate (RC) stage with enhancements for modern module behavior, hover tooltips, and deferred module evaluation. Microsoft announced the RC on July 25, ahead ...
The Hacker News

Bogus npm Packages Used to Trick Software Developers into Installing Malware

An ongoing social engineering campaign is targeting software developers with bogus npm packages under the guise of a job interview to trick them into downloading a Python backdoor. Cybersecurity firm ...
Hacker

Erstellen effizienter npm-Pakete mit React-, TypeScript- und CSS-Modulen: Ein umfassender Leitfaden

<img alt="Read on Terminal Reader" srcSet="https://hackernoon.imgix.net/computer.png?auto=format&amp;fit=max&amp;w=32 1x, https://hackernoon.imgix.net/computer.png ...
The Hacker News

Developer Alert: NPM Packages for Node.js Hiding Dangerous TurkoRat Malware

Two malicious packages discovered in the npm package repository have been found to conceal an open source information stealer malware called TurkoRat. The packages – named nodejs-encrypt-agent and ...
GitHub

Tutorial does not work due to outdated npm depenencies

$ npm start > [email protected] start > webpack-dev-server (node:20541) [DEP0111] DeprecationWarning: Access to process.binding('http_parser') is deprecated. (Use `node --trace-deprecation ...` to ...
Infosecurity-magazine.com

Malicious Npm Package Uses Typosquatting, Downloads Malware

A package called “aabquerys” has been spotted on the open-source JavaScript npm repository using typosquatting techniques to enable the download of malicious components. The findings come from ...
IEEE

A Tutorial on High-Density Power Module Packaging

Abstract: Transportation electrification in many forms along with continued grid modernization efforts is placing stringent requirements on volumetric and gravimetric power densities for power ...