News

Bleeping Computer

GitHub finds 7 code execution vulnerabilities in 'tar' and npm CLI

GitHub security team has identified several high-severity vulnerabilities in npm packages, "tar" and "@npmcli/arborist," used by npm CLI. The tar package receives 20 million weekly downloads on ...
Linux Journal

Installing and Using Yarn on Ubuntu

Yarn is a powerful JavaScript package manager that is compatible with npm and helps automate the process of installing, updating, configuring, and removing npm packages. Yarn provides speed and ...
InfoQ

Making 'npm install' Safe

At QCon New York 2019, Kate Sills, a software engineer at Agoric, discussed some of the security challenges in building composable smart contract components with JavaScript. Two emerging TC39 ...
TechCrunch

Facebook partners with Google, others to launch a new JavaScript package manager

Facebook today launched Yarn, a new package manager for JavaScript. If you’ve every worked with JavaScript and Node.js, chances are that you’ve used the npm package manager to find and reuse existing ...

Hackers Exploit Ethereum to Inject Malware in Popular Coding Libraries

Hackers are now exploiting vulnerabilities in widely-used NPM coding libraries to inject malware into Ethereum smart ...