#malicious-npm-packages

North Korea's Shadow Coders Flood npm, PyPI, Go, and Rust with 1,700 Toxic Packages

What if the next dependency you pull poisons your entire build? North Korean hackers just dumped 1,700 malicious packages across npm, PyPI, Go, and Rust, masquerading as legit dev tools.

5 min read 4 weeks, 1 day ago

List of 36 malicious strapi-plugin npm packages targeting Redis and PostgreSQL databases

36 Fake npm Strapi Plugins Slip Redis and Postgres Backdoors into Dev Pipelines

Imagine firing up npm install for a quick Strapi tweak, only to hand attackers your database keys and a persistent foothold. That's the nightmare 36 malicious packages just unleashed on unsuspecting devs.

5 min read 1 month ago