InfoWorld

How one yanked JavaScript package wreaked havoc

When a developer 'unpublished' his work from the NPM JavaScript package registry, it broke dependencies for many other projects -- and highlighted the fragility of the open source ecosystem Developers ...
Windows Central

Microsoft's GitHub acquires npm to help JavaScript developers

Microsoft continues its push towards open source development with its acquisition of npm. When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.
Bleeping Computer

Somebody Tried to Hide a Backdoor in a Popular JavaScript npm Package

The Node Package Manager (npm) team avoided a disaster today when it discovered and blocked the distribution of a cleverly hidden backdoor mechanism inside a popular —albeit deprecated— JavaScript ...