The Hacker News

Malicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools

Malicious npm package mimics an ESLint plugin, embeds an AI-tricking prompt, and steals environment variables via a ...
InfoWorld

A proactive defense against npm supply chain attacks

Supply chain risk is unavoidable, but not unmanageable. Proactively prevent supply chain attacks by embedding YARA into ...
Dark Reading

DPRK's 'Contagious Interview' Spawns Malicious Npm Package Factory

North Korean attackers have delivered more than 197 malicious packages as part of ongoing state-sponsored activity to ...
InfoWorld

All I want for Christmas is a server-side JavaScript framework

Could 2026 be the year of the beautiful back end? We explore the range of options for server-side JavaScript development, ...