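A clear explanation of the difference between local and global installation in npm and Yarn. Understanding when to use project-level dependencies and when to install a package as a CLI tool gives you the basics of package management. Essential to modern JavaScript development ...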
Multiple npm supply chain attacks used 50+ poisoned packages to spread IronWorm, a Rust-based stealer, and a Miasma worm ...
The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...
A malware named IronWorm spread through 36 npm packages in the Arweave ecosystem, stealing developer credentials and self ...
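On June 5, 2026, 73 of Microsoft's GitHub repositories were disabled by GitHub's abuse-prevention system. These repositories had reportedly been compromised by malware that steals credentials when a developer opens a package with an AI coding tool ...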
Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the ...
CVE Lite CLI helps developers quickly identify and fix vulnerable npm dependencies during development, reducing delays and ...
A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm. The malware targets 86 environment variables (key-value pairs) and ...
Threat actors have struck the software supply chain yet again, this time hitting the Python Package Index (PyPI) with Mini Shai-Hulud in an attempt to spread poisoned code. In the latest campaign, ...
Microsoft has identified an active supply chain attack targeting the npm package ecosystem. On May 28, 2026, a single threat actor operating under the newly created maintainer alias vpmdhaj (a39155771 ...