Neowin

GitHub acquires JavaScript package manager npm

Ever since Microsoft acquired the open-source development platform GitHub, it has grown the service significantly with even more acquisitions. Last year, GitHub acquired Dependabot and Pull Panda, and ...
Tech Times

npm v12 Security Overhaul Blocks Install Scripts by Default: July Deadline for CI Migration

July 2026, blocking install scripts, Git dependencies, and remote URL sources by default. Every team running npm install in ...
ZDNet

Show-stopping bug appears in npm Node.js package manager

Are you a developer who uses npm as the package manager for your JavaScript or Node.js code? If so, do not -- I repeat do not -- upgrade to npm 5.7.0. Nothing good can come of it. As one user reported ...
Bleeping Computer

Botched npm Update Crashes Linux Systems, Forces Users to Reinstall

A bug in npm (Node Package Manager), the most widely used JavaScript package manager, will change ownership of crucial Linux system folders, such as /etc, /usr, /boot. Changing ownership of these ...

npm tackles its riskiest security issues

With npm v12, GitHub closes a central attack vector: installation scripts from dependencies will only run after explicit approval from July 2026.

Red Hat hit by npm supply‑chain attack - here's how to stay safe

Red Hat hit by npm supply‑chain attack - here's how to stay safe ...
Dark Reading

Npm Packages Vulnerable to Old-School Weapon: the 'Shift' Key

Since 2017, hackers have been able to mimic legitimate packages on Node Package Manager (npm) by simply removing the capital letters in their titles. According to newly published research from ...