Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in ...

Shai Hulud v2 infected 500+ npm packages (700+ versions) and spilled into Java/Maven — yikes. Compromised packages run a ...

GitHub, the developer repository owned by Microsoft, made a little deal of its own this morning when it bought JavaScript packaging vendor npm for an undisclosed amount. As GitHub CEO Nat Friedman ...

Microsoft will soon control more of the open source software development ecosystem. GitHub, which Microsoft bought in 2018, said Monday that it will acquire NPM, which offers a crucial service for ...

Automation flaw in CI/CD workflow let a bad pull request unleash worm into npm PostHog says the Shai-Hulud 2.0 npm worm compromise was "the largest and most impactful security incident" it's ever ...

GitHub announced Monday that it will acquire npm, a JavaScript package manager. Subscribe to GeekWire's free newsletters to catch every headline GitHub will join Microsoft’s CoreAI division with ...

Source code repository hoster GitHub has listed the most popular programming languages used on its site, tracking usage trends since it launched in 2008. It revealed few surprises, mostly matching up ...

Microsoft’s open-source shopping spree has claimed another victim: npm. [Nat Friedman], CEO of GitHub (owned by Microsoft), announced the move recently on the GitHub blog. So what motivated the ...

GitHub’s increasing popularity, and the availability of its usage data, make it a good source for examining trends in software development. For example, I’ve used their data in the past to look at ...