Bleeping Computer

NPM fixes private package names leak, serious authorization bug

The largest software registry of Node.js packages, npm, has disclosed multiple security flaws that were identified and remedied recently. The first flaw concerns leak of names of private npm packages ...
App Developer Magazine

npm@6 package manager brings new security features

npm, Inc. has announced npm@6, a major update to its JavaScript software installer tool with new security features for developers who work with open source code. npm@6 will be included as part of the ...