Tag: npm
All the articles with the tag "npm".
- A Security Scanner Got Hacked. Then It Infected Everything It Scanned.
  Trivy, one of the most trusted vulnerability scanners in DevOps, was compromised. The attack spawned CanisterWorm, a self-propagating npm worm that used blockchain as a command server. 141 packages infected. The irony is brutal.
- Unsung Hero: One Person Holds the JavaScript Ecosystem Together
  Sindre Sorhus maintains 1,100+ npm packages with billions of downloads per month. If he stopped tomorrow, a significant portion of the npm registry would break. He funds himself through GitHub Sponsors.