cd/entity/npm· home entities npm
grep -l @npm /news/*.json | wc -l → 154

npm

mentions 154 type Organization page 5/8 feed RSS

// recent coverage 154 mentions

09:22
2026-06-13
socket.dev
developer-tools

Mini Shai-Hulud, Miasma, and Hades Worms Target Bioinformati

Socket's Threat Research team identified 23 new malicious PyPI packages in the Mini Shai-Hulud, Miasma, and Hades supply chain attacks, expanding the campaign to 471 artifacts across npm and PyPI. The…

07:21
2026-06-13
developer.microsoft.com
developer-tools

Agent just scaffolded a project from 2020

An AI agent scaffolded a project using an outdated 2020 version because npx resolved to an old package version without engine constraints, due to npm's version resolution prioritizing engine compatibi…

17:54
2026-06-11
devblogs.microsoft.com
developer-tools

Your agent just scaffolded a project from 2020

AI agents using npx without specifying a version can inadvertently scaffold projects from outdated templates due to npm's engine compatibility resolution, which prioritizes older versions without engi…

14:00
2026-06-09
arize.com
ai-agents

How to detect credential theft in AI agent harness traces

In May 2026, two supply-chain attacks targeted AI coding tools including Claude Code and Cursor, with one malicious VS Code extension stealing npm, AWS, GitHub, and SSH credentials from 6,000 develope…

10:00
2026-06-09
safedep.io
ai-tools

Inside the Miasma Software Supply Chain Attack Toolkit

The Miasma software supply chain attack toolkit has been released as open source across multiple GitHub repositories, likely through compromised developer accounts. The toolkit enables attackers to ex…

00:00
2026-06-07
jackfranklin.co.uk
ai-tools

ai-review: reviewing AI code before it lands

Developer Jack Franklin launched ai-review, an open-source tool that lets terminal-based AI coding agents present plans and diffs in a browser for line-by-line review. The tool bridges the gap between…

17:36
2026-06-06
dev.to
ai-tools

Rust Was Crashing. Go Fixed It. Copilot Showed Me Why

A developer built Delay Mirror, a supply chain security gateway for package managers that blocks downloads of packages published within the last three days, after malicious code was pushed into npm pa…

10:00
2026-06-06
safedep.io
ai-agents

Config Files That Run Code: Supply Chain Security Blindspot

A single unsigned commit to the `icflorescu/mantine-datatable` repository added six files, five of which serve as launchers that execute a 4.3 MB dropper at `.github/setup.js`. The dropper, obfuscated…

10:00
2026-06-05
safedep.io
ai-agents

Miasma Worm Targets AI Coding Agents via GitHub Repos

On June 3, 2026, attackers pushed malicious commits to the GitHub repository `icflorescu/mantine-datatable` and four sibling repos, planting a 4.3 MB payload from the Miasma worm family. The commit ad…

← prev page 5 / 8 next →
// co-occurs with top 8 entities