InfoWorld

Beyond NPM: What you need to know about JSR

Here's how the JavaScript Registry evolves makes building, sharing, and using JavaScript packages simpler and more secure ...
Infosecurity-magazine.com

Manifest Confusion Threat Undermines Trust in Entire Npm Registry

Developers using the wildly popular npm registry to download JavaScript code may unwittingly be exposed to a range of cyber-threats because it fails to check the metadata of packages, it has emerged.
Dark Reading

Npm Packages Vulnerable to Old-School Weapon: the 'Shift' Key

Since 2017, hackers have been able to mimic legitimate packages on Node Package Manager (npm) by simply removing the capital letters in their titles. According to newly published research from ...
Bleeping Computer

NPM fixes private package names leak, serious authorization bug

The largest software registry of Node.js packages, npm, has disclosed multiple security flaws that were identified and remedied recently. The first flaw concerns leak of names of private npm packages ...