cd/entity/npm· home entities npm
grep -l @npm /news/*.json | wc -l → 154

npm

mentions 154 type Organization page 8/8 feed RSS

// recent coverage 154 mentions

20:51
2026-05-18
dev.to
developer-tools

Let Your AI Agent Scaffold Apps With seed4j-mcp

Seed4j-mcp is a new open-source Model Context Protocol (MCP) server that allows AI agents like Claude Code and Cursor to control the seed4j application generator, enabling them to scaffold Spring Boot…

12:00
2026-05-13
safedep.io
cybersecurity

Malicious npm Packages Backdoor Claude Code Sessions

Five typosquatting npm packages published by accounts named "superbase" and "micresoft" contain a hidden 4.5 MB ELF binary that executes automatically upon `npm install` and, through a hijacked `Sessi…

12:00
2026-05-11
tanstack.com
ai-safety

Postmortem: TanStack npm supply-chain compromise

On May 11, 2026, an attacker compromised the TanStack Router/Start repository and published 84 malicious npm package versions across 42 packages by exploiting a pull_request_target vulnerability, GitH…

00:00
2026-05-01
safedep.io
ai-tools

exiouss: Cookie Stealer Bundled in npm Exam Cheat

A malicious npm package named "exiouss" was published on May 1, 2026, by the account "loltestpad" as a rebranded version of the previously removed "godsplan" package, now bundling a PowerShell script …

12:00
2026-04-30
safedep.io
cybersecurity

PyTorch Lightning Compromised: Shai-Hulud Worm Reaches PyPI

The PyTorch Lightning deep-learning framework was compromised on PyPI, with versions 2.6.2 and 2.6.3 containing a credential-stealing worm called Shai-Hulud. The malware activates when Python code run…

09:41
2026-04-30
gist.github.com
developer-tools

Configuring minimum release age across npm, pnpm, and yarn

Setting a minimum release age (cooldown) on dependencies is a low-effort, high-impact defense against supply-chain attacks, as most malicious packages are detected and removed within hours. All three …

17:45
2026-01-03
gist.github.com
developer-tools

uninstall beads

The article describes an uninstall script for the Beads (bd) tool that performs a comprehensive cleanup of all its traces from a system. By default, the script runs in dry-run mode to show what would …

09:00
2025-12-10
deno.com
developer-tools

Deno 2.6: dx is the new npx

Deno 2.6 introduces a new tool called `dx`, which functions as an equivalent to `npx` for conveniently running binaries from npm and JSR packages. The release also adds more granular permission contro…

12:00
2025-09-30
deno.com
cybersecurity

How Deno protects against npm exploits

The article explains that Node.js and npm have a permissive default security model, allowing any installed package code, including malicious scripts, full system access. In contrast, Deno is designed …

15:00
2025-09-10
bun.com
developer-tools

Behind The Scenes of Bun Install

The article explains that Bun's package installation is significantly faster than other Node.js package managers because it treats installation as a systems programming problem rather than a JavaScrip…

00:00
2025-09-10
blog.himanshuanand.com
cybersecurity

Typosquat Detective : a tiny game to train your eye

The article describes "Typosquat Detective," a short online game designed to train users to identify look-alike domains used in phishing attacks. The game tests players on spotting tricks like number-…

00:00
2020-01-21
jola.dev
developer-tools

Announcing Hex Diff

The Hex team has launched **diff.hex.pm**, a free web-based tool that generates highlighted git diffs for any Hex package version range directly in a browser. Designed to improve supply chain security…

← prev page 8 / 8
// co-occurs with top 8 entities