Hackaday

PhantomRaven Attack Exploits NPM’s Unchecked HTTP URL Dependency Feature

Having another security threat emanating from Node.js’ Node Package Manager (NPM) feels like a weekly event at this point, ...

Malicious NPM packages fetch infostealer for Windows, Linux, macOS

Ten malicious packages mimicking legitimate software projects in the npm registry download an information-stealing component ...

PhantomRaven attack floods npm with credential-stealing packages

An active campaign named 'PhantomRaven' is targeting developers with dozens of malicious npm packages that steal authentication tokens, CI/CD secrets, and GitHub credentials.

Dangerous npm packages are targeting developer credentials on Windows, Linux and Mac - here's what we know

Almost a dozen malicious npm packages, delivering dangerous infostealing malware, were downloaded roughly 10,000 times before ...
GitHub

VM Module linking unclear error message #60157

i mean moduleRequests.map (linker) will call linker in parallel for each module, which causes errors for me with acyclical graphs because modules they import in common will only be queued to resolve ...
GitHub

EAS Build EACCES mkdir /node_modules error persists despite clean yarn/npm, clear-cache, and rebuild

needs reviewIssue is ready to be reviewed by a maintainerIssue is ready to be reviewed by a maintainer EAS build fails on both npm ci and yarn install with EACCES ...