npm
There’s a RAT in my code: new npm malware with Bladabindi trojan spotted
Over the Thanksgiving weekend, Sonatype discovered new malware within the npm registry. This time, the typosquatting packages identified by us are laced with a popular Remote Access Trojan (RAT) ...
Tips for Managing npm Dependencies
Part of the reason why Node.js is so appealing is that it allows for easy application extensibility; you focus on your core competencies, and if you need additional features or functionality, you ...
Discord squashes critical Electron bugs: open source attacks continue to grow
My colleague has two kids, ages 9 and 12. Since the COVID lockdowns they have been playing more online games and each of them uses Discord to chat with their friends during ...
Fake npm Packages Found in GitHub Repository
Security researchers discovered four vulnerable npm packages uploaded to GitHub that were capable of collecting the user’s IP address, geolocation and device hardware data. Not all attacks have a high-visibility profile. Some ...
From Prototype Pollution to full-on remote code execution, how can adversaries exploit npm modules?
The NodeJS component express-fileupload - touting 7 million downloads from the npm registry - now has a critical Prototype Pollution vulnerability ...
Find and Fix Vulnerabilities in Seconds using GitHub PR Reviews with Line Comments
Pull request line comments highlight the exact line(s) of code that introduced a policy violation, giving developers all the information they need to remediate open source risks and innovate securely without sacrificing ...
Custom Node Module Management using Private npm Registry Configured in Nexus Repository
When we are developing software applications, we design reusable components to apply the power and benefit of reuse. Reuse is still an emerging discipline. It appears in many different forms from ad-hoc ...
New in Nexus Repository 3.23: Nexus Intelligence via npm audit
We are excited to announce the official release of Nexus Repository 3.23. In this release, we continue the story of our enhanced JavaScript support with the new Nexus Intelligence via npm audit ...
Comparing npm Audit Versus AuditJS
A while back I wrote a blog post after a colleague shared a new JavaScript auditing tool called AuditJS. I wanted to update that based on more time with the tool, particularly ...
How to Access npm Packages After Securing Nexus Repository Manager
This article addresses those who are using, or having interest in using, Nexus Repository Manager as their package manager for npm packages, Docker images, etc., but also for those who are curious ...