npm
Microsoft Acquires npm: A Healthy Move for Critical Public Infrastructure
Today, news broke that GitHub and its parent company, Microsoft, acquired npm and its public repository of open source JavaScript packages. In 2018, when Microsoft acquired GitHub, many in the developer community ...
Beyond npm Audit to Traverse an Increasingly Complex Dependency Tree
If you've been immersed in the Node.js/JavaScript community for a while, or even if you are just getting started, you are likely using npm audit to scan package dependencies in your projects. It's ...
Sonatype Rolls Out Enhanced JavaScript Scanning, npm Automated Pull Requests & More Free JS Developer Tools
We’ve recently rolled out enhanced support for JavaScript that provides developers with improved accuracy, increased policy control, and faster remediation of open source vulnerabilities across the entire software development lifecycle. Our enhancements ...
How Do Application-Level Package Managers Work?
This is an excerpt from Out of the Wild: A Beginner's Guide to Package and Dependency Management, a Sonatype Guide. This is the second of three installments. Read the first one here ...
What is a Package Dependency Manager?
This is an excerpt from Out of the Wild: A Beginner's Guide to Package and Dependency Management, a Sonatype Guide. This is the first of three installments ...
Nexus Intelligence Insights: Sonatype-2020-0003 – npm malicious package 1337qq-js
Happy New Year! Nexus Intelligence Insights is back with an open source component vulnerability that turns out to be not so bad after all ...
Malicious npm package exfiltrating data from UNIX systems
A malicious JavaScript package was uploaded on Dec. 30, 2019 to the Node Package Manager (npm), the world’s largest software registry, containing over 800,000 code packages that developers use to write JavaScript applications ...
Hackers Start Exploiting Recently Found Flaws in GPON Routers
Hackers have started exploiting two recently disclosed vulnerabilities that potentially affect a large number of internet gateway devices used for residential gigabit-capable passive optical networks (GPON). The vulnerabilities were found by a ...
npm Update Crashes Linux Systems
An update for the popular npm package manager used by many developers for JavaScript-based projects crashed Linux systems after changing the permissions of critical directories. Linux users who installed npm 5.7.0, released ...
