Aiden Bai (@aidenybai)

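React Grab was installed 450,000 times on NPM this month, growing 300% over the previous month. It is a React-related utility that is spreading quickly on NPM as an open-source package, and it has achieved a notable result in the developer ecosystem.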

https://x.com/aidenybai/status/2028153297786531920

#react #npm #opensource #javascript

Aiden Bai (@aidenybai) on X

React Grab was installed 450k times this month! that's +300% MoM growth on NPM for an open source package been so busy grinding that i forget to celebrate wins too

X (formerly Twitter)

New malicious npm package 'ambar-src' targets developers with open source malware

Pulse ID: 69a41698305ac629c3081e95
Pulse Link: https://otx.alienvault.com/pulse/69a41698305ac629c3081e95
Pulse Author: Tr1sa111
Created: 2026-03-01 10:36:08

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #Malware #NPM #OTX #OpenThreatExchange #RCE #bot #developers #Tr1sa111

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

Your AGENTS.md is silently misleading your AI agents.

Paths get renamed. npm scripts change. The file you wrote in September gives wrong instructions by December — without a single commit to AGENTS.md.

Built agents-lint to catch this automatically.

npx agents-lint

github.com/giacomo/agents-lint

#DevTools #AITools #npm

🚀 Deploy Self-Hosted #OpenClaw on #VPS (3 Minute Quick-Start Guide 🤖)

This article provides a quick, yet thorough step-by-step guide to deploy self-hosted OpenClaw on VPS servers. A lot of users have been deploying directly to Mac Minis, but we'd like to present another, radically different clawd deployment strategy. In this guide, we will deploy OpenClaw on Linux VPS (specifically, #Debian VPS).
What is ...
Continued 👉 https://blog.radwebhosting.com/deploy-self-hosted-openclaw-on-vps/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon.social #npm #selfhosting #selfhosted #clawdbot

New malicious npm package 'ambar-src' targets developers with open source malware

A malicious npm package named "ambar-src" reached 50,000 downloads in days before being removed from the registry. It uses a preinstall script to execute malicious code during installation, targeting Windows, Linux, and macOS systems. The package employs detection evasion techniques and deploys powerful open-source malware variants. It abuses npm's preinstall script hook to trigger the payload without explicit invocation. The malware fetches additional payloads from remote servers and uses Yandex Cloud for command and control. Affected systems should be considered fully compromised, requiring immediate incident response actions. The attack highlights the speed at which supply chain risks can propagate and confirms that npm install is a high-risk action.

Pulse ID: 69a161489d57df80623a8b5c
Pulse Link: https://otx.alienvault.com/pulse/69a161489d57df80623a8b5c
Pulse Author: AlienVault
Created: 2026-02-27 09:18:00

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Cloud #CyberSecurity #InfoSec #Linux #Mac #MacOS #Malware #NPM #OTX #OpenThreatExchange #RCE #SupplyChain #Windows #bot #developers #AlienVault

How To Publish To NPM From GitHub Actions

At the end of 2025, NPM registry revoked all personal NPM tokens that I used to publish new NPM package releases. This change improves the security of the entire NPM publishing workflow, but has disru

Better world by better software

@penguin42 heh, I actively avoid anything with #npm requirements. I did hope crates.io would be better but I thought they had had some supply chain attacks themselves recently.

Supply chain worm with its own MCP server spreads via GitHub

A new malware is circulating in the npm ecosystem, stealing credentials and CI secrets and spreading autonomously.

heise online

Malicious npm Package Targets Developers to Deliver Cross-Platform Payloads

A malicious npm package called “ambar-src” attempts to mimic the legitimate package “ember-source”. The malware abuses the pre-install script during the package installation process to deliver cross-platform payloads.

Pulse ID: 699f9856b13ed9909d5ed144
Pulse Link: https://otx.alienvault.com/pulse/699f9856b13ed9909d5ed144
Pulse Author: cryptocti
Created: 2026-02-26 00:48:22

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #Malware #Mimic #NPM #OTX #OpenThreatExchange #RCE #bot #developers #cryptocti

A good piece on Mamdani's visions for good public leadership:

https://pluralistic.net/2026/02/24/mamdani-thought/#public-excellence

I think it is underrated how incredibly effective it is to simply hire people who want to get something good done for society in the public sector, and give them the framework conditions to get things done.

#norsktut #npm #politikk

Pluralistic: Socialist excellence in New York City (24 Feb 2026) – Pluralistic: Daily links from Cory Doctorow