A Node.js module downloaded millions of times has a security flaw that can enable attackers to perform a denial-of-service (DoS) attack on a server or get full-fledged remote shell access.

The node-ipc developer attempt to protest Russia's attack on Ukraine has the unintended consequence of casting more doubt in software supply chain integrity.

A significant supply chain attack hit NPM after 15 popular Gluestack packages with over 950,000 weekly downloads were compromised to include malicious code that acts as a remote access trojan (RAT).

Miller intended the module to be "protestware", to reflect people's opposition to war. "This code serves as a non-destructive example of why controlling your node modules is important. "It also ...

A programmer behind the popular open-source npm program node-ipc poisoned it with malware that erased the hard drives of computers located in Russia or Belarus.