The malicious version of Cline's npm package — 2.3.0 — was downloaded more than 4,000 times before it was removed.
Cline CLI 2.3.0 was published with a stolen npm token, installing OpenClaw in an 8-hour attack affecting ~4,000 downloads.
Multiple npm packages published by the crypto exchange dYdX and used by at least 44 cryptocurrency projects appear to have been compromised. Powered by the Ethereum blockchain, dYdX is a ...
The popular npm package "is" was infected with cross-platform malware, around the same time that linting utility packages used with the prettier code formatter were infected with Windows-only malware.
Security researchers discovered over 400 malicious packages in the popular open source registry npm in December, and dozens more in PyPI. Sonatype explained in a blog post that its AI tooling spotted ...
Crims have added backdoors to at least 18 npm packages after developer Josh Junon inadvertently authorized a reset of the two-factor authentication protecting his npm account.… The malware targets ...
Aikido Security Ltd. today disclosed what is being described as the largest npm supply chain compromise to date, after attackers injected malware into 18 popular packages that together account for ...
The npm registry now includes Socket security analysis links directly on package pages to help developers assess supply chain risks.
Researchers have discovered multiple npm packages named after NodeJS libraries that even pack a Windows executable that resembles NodeJS but instead drops a sinister trojan. These packages, given ...
A new piece of malware is spreading through the popular tinycolor npm library and more than 300 other packages, some of which belong to CrowdStrike. Recently, there were reports of the tinycolor npm ...
A series of malicious packages hidden within the Node Package Manager (npm), the largest software registry for JavaScript, has been uncovered. According to a new advisory published by FortiGuard on ...