Most JavaScript developers are familiar with the npm package manager, which was originally developed by Isaac Schlueter. What many probably don't know is ...

The node-ipc developer attempt to protest Russia's attack on Ukraine has the unintended consequence of casting more doubt in software supply chain integrity.

NPM compatibility in the Deno JavaScript/TypeScript runtime has reached the stable stage, meaning developers leveraging Deno now can import more than 1.3 million NPM modules.

The left-pad module on NPM was eventually “ un-unpublished ” and assigned to a new owner (developer Cameron Westlake). Dependent projects once again became installable.

In the latest software supply-chain attack, the code maintainer added malicious code to the hugely popular node-ipc library to replace files with a heart emoji and a peacenotwar module.

A programmer behind the popular open-source npm program node-ipc poisoned it with malware that erased the hard drives of computers located in Russia or Belarus.