Understanding filesystem takeover vulnerabilities in npm JavaScript package manager
Source
SnykUnderstanding filesystem takeover vulnerabilities in npm JavaScript package managersnyk.ioYou might also wanna read

September 2025 NPM supply-chain attack compromises popular JavaScript packages
In September 2025, a coordinated software supply-chain attack targeted multiple popular NPM packages in the JavaScript ecosystem. The attack
NPM Vulnerability Allows 126 Malicious Packages to Be Downloaded 86,000+ Times
Security researchers have discovered a major vulnerability in NPM (Node Package Manager) that allows attackers to distribute malicious packa
arstechnica.com·8mo agoPopular npm packages debug and chalk compromised with crypto-intercepting malware
Starting September 8th, 2023, the popular npm packages "debug" and "chalk" were compromised with malicious code. These packages, which colle
aikido.dev·10mo ago176 malicious npm packages used dependency confusion to target internal dependencies and steal credentials
Sonatype researchers uncovered a campaign involving 176 malicious npm packages using a dependency confusion attack strategy. Attackers publi
Critical Vulnerability Discovery in Nix Package Manager Ecosystem
The article details how the author and a colleague discovered a critical vulnerability in the Nix package manager ecosystem that could have
317 npm Packages Compromised in Mini Shai-Hulud Supply Chain Attack
A major npm supply chain attack occurred on May 19, 2026, when the npm account of maintainer "atool" was compromised. The attacker published

Comments
Sign in to join the conversation.
No comments yet. Be the first.