The Hacker News

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

Packagist packages hid malicious package.json scripts, enabling Linux binary execution during installs and workflows.
CSOonline

Npm ecosystem vulnerable to new manifest confusion attack

Package manifests in the npm registry are not validated against metadata files in the package itself, leaving the door open for attackers. The npm (Node Package Manager) ecosystem of JavaScript ...
Bleeping Computer

NPM ecosystem at risk from “Manifest Confusion” attacks

The NPM (Node Package Manager) registry suffers from a security lapse called "manifest confusion," which undermines the trustworthiness of packages and makes it possible for attackers to hide malware ...
Dark Reading

Hugging Face Packages Weaponized With a Single File Tweak

A tokenizer library file present in Hugging Face AI models can be manipulated to hijack the model's outputs and exfiltrate ...

Malicious npm packages: SAP software compromised

Several SAP npm packages were exposed to a supply chain attack. The hacker group TeamPCP is behind it, say security researchers.
Visual Studio Magazine

Validating JSON with JSON Schema

Once you've created a JSON Schema that describes a JSON document, you can use it both in Visual Studio -- to provide guidance when creating JSON documents -- and in your code to validate the messages ...
InfoWorld

JSON tools you don’t want to miss

Developers can choose from many great free and online tools for JSON formatting, validating, editing, and converting to other formats JSON, for JavaScript Object Notation, is a popular and lightweight ...