#npm-security

#supply-chain-attacks
from InfoQ
4 days ago
Information security

TanStack Details Sophisticated npm Supply Chain Attack That Compromised 42 Packages

A supply-chain attack poisoned GitHub Actions caches and workflows to publish malicious npm package versions, stealing credentials and propagating malware without npm credential compromise.
from DevOps.com
2 months ago
Node JS

Malicious NPM Package Gets Downloaded 50K Times Before Discovery - DevOps.com

A malicious npm package downloaded 50,000 times used naming deception and preinstall script hooks to evade detection and compromise Windows, Linux, and macOS systems.
#react-native
from Thisweekinreact
2 weeks ago
React

This Week In React #280: TanStack, Remotion, React Router, Remix, Trees, Pracht, shadcn | Expo Go, Ease, Screen Transitions, LegendList, JSI, Gradle, Radon, Baguette, Rozenite, AI | Node.js, Datatype, tsz, Astro | This Week In React

from Thisweekinreact
1 month ago
React

This Week In React #276: Boneyard, Ink, MUI, React Router, Next.js, shadcn, Docusaurus, Comark, Forms, Shaders | RN 0.85, ViewTransition, Skia, Windows, CRNL, Maestro, True Sheet, Nitro Player, RNGH | JSIR, Security, esbuild, Ky, Intl | This Week In React

from jsdevspace.substack.com
8 months ago

Friday Links 28: The Latest in JavaScript (Sep 19, 2025)

Chinese AI firm DeepSeek revealed it spent only $294,000 training its R1 model, far below the hundreds of millions claimed by U.S. rivals. Using 512 Nvidia H800 accelerators, the company trained R1 in just 80 hours. The release of R1 earlier this year rattled tech markets, even denting Nvidia's valuation. DeepSeek also acknowledged limited use of A100s and defended model distillation, stressing it makes AI more accessible despite U.S. accusations of copying OpenAI's work.
Web development