Rene RobichaudDec 23

Malicious NPM Package with 56K Downloads Steals WhatsApp Messages
https://cybersecuritynews.com/malicious-npm-package-with-56k-downloads/

#Infosec #Security #Cybersecurity #CeptBiro #NPMPackage #Steals #WhatsAppMessages

N-gated Hacker NewsSep 15, 2025
🎉 Breaking news: nerds discover the most overcompensating npm package version ever, because that's what really matters. 🤦‍♂️ Meanwhile, the rest of the world continues to revolve around slightly more important things, like, you know, everything else. 🌎✨
https://adamhl.dev/blog/largest-number-in-npm-package/ #nerdnews #npmpackage #overcompensation #techhumor #developerlife #HackerNews #ngated
Which npm package has the largest version number?

I spent way too much time on this

Cyber Kendra Sep 9, 2025

🔥 The NPM supply chain attack just got bigger!
DuckDB database packages have been compromised with crypto-stealing malware. A simple phishing email led to packages used by thousands of developers being infected.
The malware is designed to steal cryptocurrency by hijacking wallet transactions - pretty sophisticated stuff!

Read Details - https://www.cyberkendra.com/2025/09/duckdb-packages-compromised-in-latest.html

#supplychain #npmPackage #npmattack #hack

DuckDB Packages Compromised in Latest NPM Supply Chain Attack

The NPM supply chain attack targeting major JavaScript packages has claimed another victim, with popular database library DuckDB confirming that four of its Node.js packages were compromised with cryptocurrency-stealing malware just hours after the …

Cyber Kendra
Rene RobichaudJul 23, 2025

NPM package ‘is’ with 2.8M weekly downloads infected devs with malware
https://www.bleepingcomputer.com/news/security/npm-package-is-with-28m-weekly-downloads-infected-devs-with-malware/

#Infosec #Security #Cybersecurity #CeptBiro #NPMpackage #Devs #Malware

NPM package ‘is’ with 2.8M weekly downloads infected devs with malware

The popular NPM package 'is' has been compromised in a supply chain attack that injected backdoor malware, giving attackers full access to compromised devices.

BleepingComputer
HackernoonSep 18, 2022

Referenced link: https://hackernoon.com/how-to-publish-your-package-on-npm-registry
Discuss on https://discu.eu/q/https://hackernoon.com/how-to-publish-your-package-on-npm-registry

Originally posted by HackerNoon | Learn Any Technology / @[email protected]: https://twitter.com/hackernoon/status/1571303019840512002#m

"How to Publish Your Package on NPM Registry" cc: @theritikchoure https://hackernoon.com/how-to-publish-your-package-on-npm-registry #npmpackage #javascript

How to Publish Your Package on NPM Registry | HackerNoon

NPM is a great library of JavaScript packages. We can use packages created by other developers and we can publish our package as well.

Christos PanagiotakopoulosDec 21, 2020

Sometimes, you have to interface with an API that doesn't respond fast enough. Moreover, you might perform the same request multiple times.

The solution?

Return the same promise for the same exact requests until they resolve. This is more useful when you interface with stateless APIs, where you just consume data.

https://github.com/chrispanag/memoized-node-fetch

#node #nodejs #npm #npmpackage #package #javascript #typescript #opensource

chrispanag/memoized-node-fetch

A wrapper around node-fetch (or any other fetch-like function) that returns a single promise until it resolves. - chrispanag/memoized-node-fetch

Show threadArghya  Sep 27, 2020

Weekends to #developers is time for hobby projects.
Worked half of my Sunday and fixed the issues.

v0.0.5 is published finally.

Changelogs:

- Fixed a major issue with exceptions.
- Better error handling with appropriate messages.
- New parameter factor introduced which helps in modifying the cropped area of face.
- More unit test cases added.
- Code Coverage enhanced to 99%.

#npm #npmPackage #nodejs #javascript #devops #cicd #automation #foss #opensource #opensourceContributions

Show threadArghya  Sep 26, 2020

Just released v0.0.4!

Changelogs:

- Function API has been modified to reduce complexity.
- Fixes in loading pre-trained classifier files.
- Added .npmignore file.
- Reduced package size to less than a MB.
- Added unit test cases for the new developments.
- Moved to Codecov from Sonarqube.
- Achieved 95% code coverage.
- README updates with images added.

#npm #npmPackage #nodejs #javascript #devops #cicd #automation #foss #opensource #opensourceContributions

Show threadArghya  Sep 24, 2020

Released v0.0.3!

Changelogs:

- Added support for multi-face detection.
- Redirecting to opencv4js npm package to obtain the updated opencv.js file easily.
- Integrated Sonarqube for code scanning and detect bugs/issues/smells in code.
- Integrated Jest for unit testing.
- Code coverage- 94.4%.
- README updates to provide more clarity.

v1.0.0 will be arriving by next week.

#npm #npmPackage #nodejs #javascript #devops #cicd #automation #foss #opensource #opensourceContributions

Show threadArghya  Sep 21, 2020

v0.0.2 is out now!

Changelogs:
- Minor code tweaks.
- Github Actions workflow added to automate publishing to npm registry.
- Documentation updated with relevant details on how to use the package.

#npm #npmPackage #javascript #GithubActions #devops #cicd #automation #foss #opensource #opensourceContributions