Apart from displaying these messages, the packages performed no other actions. This indicates that these aren't malicious per se.
November 16, 2023
Another day, another NPM typosquatting attack.
October 5, 2023
There are over 17 million developers worldwide who use NPM packages, making it a lucrative target for cybercriminals.
October 2, 2023
The campaign, which began at the start of August 2023, revolves around malicious packages impersonating the legitimate noblox.js,…
August 22, 2023
In the interconnected world of web development, open-source components play a vital role, facilitating collaboration and code sharing…
July 21, 2023
The warning comes days after three rogue packages, okhsa, klow, and klown discovered by DevSecOps firm Sonatype, were removed from the NPM repository.
October 23, 2021