News

Yahoo Finance

npm, Inc. Raises $8 Million Series A and Launches npm Private Modules to Accelerate Module-Driven Development

OAKLAND, CA--(Marketwired - Apr 14, 2015) - npm, Inc., the most widely used package manager for JavaScript, announced today that it has raised $8 million for a series A round of funding. The series ...
CSOonline

Developer sabotages own npm module prompting open-source supply chain security questions

The node-ipc developer attempt to protest Russia's attack on Ukraine has the unintended consequence of casting more doubt in software supply chain integrity. The developer of a popular JavaScript ...
Threat Post

Dev Sabotages Popular NPM Package to Protest Russian Invasion

In the latest software supply-chain attack, the code maintainer added malicious code to the hugely popular node-ipc library to replace files with a heart emoji and a peacenotwar module. The developer ...
IT News For Australia Business

'Protestware' npm package dependency labelled supply-chain attack

Russia's invasion of Ukraine has spilt over into developer-space, with a well-known npm maintainer adding "protestware" as a dependency to a very popular package. Security vendor Snyk is tracking what ...