Learn why the Shai-Hulud malware is a significant threat to the npm ecosystem, and see how FOSSA's Impact Assessment Tool can help mitigate the risk.
Semantic versioning is a core pillar of responsible open source publishing, but what happens when it's incorrectly used?
The developer behind 'colors.js' and 'faker.js' sabotages his own npm libraries, causing widespread disruption.
A significant rise in npm packages with embedded malware has been reported, with compromised versions of popular packages such as coa, rc, and ua-parser-js. This raises serious concerns about the ecosystem's security.
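The npm incidents above (Shai-Hulud and the coa/rc/ua-parser-js compromises) all come down to one practical question for a defender: which of my projects actually resolved a compromised version? The following is an added example, not FOSSA's Impact Assessment Tool and not code from any of the linked posts. It walks a package-lock.json (lockfileVersion 1, 2 and 3), including nested duplicates, and reports every entry whose exact resolved version is on a denylist. The denylist versions and the two sample lockfiles are constructed placeholders, not real advisory data; replace them with the versions named in the relevant advisories.

```javascript
// Added example (not FOSSA's tool, not code from the posts above):
// find lockfile entries whose exact resolved version is on a denylist.

// Constructed denylist. The package names are the ones discussed above;
// the versions are placeholders, NOT the real compromised versions.
const KNOWN_BAD = {
  "coa": new Set(["9.9.9"]),
  "rc": new Set(["9.9.9"]),
  "ua-parser-js": new Set(["9.9.9"]),
};

const NM = "node_modules/";

// Yield { name, version, path } for every installed package recorded in
// the lockfile. lockfileVersion 2/3 keep a flat "packages" map keyed by
// install path; lockfileVersion 1 keeps a nested "dependencies" tree.
function* lockfileEntries(lock) {
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === "" || !meta.version) continue; // root project / link entries
      const idx = path.lastIndexOf(NM);
      // "node_modules/@scope/pkg" -> "@scope/pkg"; workspace paths keep meta.name
      const name = meta.name || (idx >= 0 ? path.slice(idx + NM.length) : path);
      yield { name, version: meta.version, path };
    }
    return; // v2 lockfiles also carry "dependencies"; do not report twice
  }
  if (lock.dependencies) yield* walkV1(lock.dependencies, NM);
}

function* walkV1(deps, prefix) {
  for (const [name, meta] of Object.entries(deps)) {
    const path = prefix + name;
    yield { name, version: meta.version, path };
    if (meta.dependencies) yield* walkV1(meta.dependencies, path + "/" + NM);
  }
}

// Exact-version match: a malicious release is a specific published
// version, and the lockfile (unlike the ranges in package.json) records
// which version was actually resolved, including nested duplicates that
// a top-level "npm ls" glance can miss.
function findCompromised(lock, denylist = KNOWN_BAD) {
  const hits = [];
  for (const entry of lockfileEntries(lock)) {
    const bad = denylist[entry.name];
    if (bad && bad.has(entry.version)) hits.push(entry);
  }
  return hits;
}

// Constructed lockfiles standing in for real project files.
const SAMPLE_LOCK_V3 = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/rc": { version: "1.0.0" },                       // clean copy
    "node_modules/some-cli": { version: "2.0.0", dependencies: { rc: "^9.0.0" } },
    "node_modules/some-cli/node_modules/rc": { version: "9.9.9" }, // nested bad copy
    "node_modules/ua-parser-js": { version: "9.9.9" },             // bad copy
  },
};

const SAMPLE_LOCK_V1 = {
  lockfileVersion: 1,
  dependencies: {
    "some-cli": { version: "2.0.0", dependencies: { coa: { version: "9.9.9" } } },
    coa: { version: "1.0.0" },
  },
};

// Human-readable lines, one per hit.
function report(lock) {
  return findCompromised(lock).map((h) => `${h.name}@${h.version} at ${h.path}`);
}

console.log(report(SAMPLE_LOCK_V3));
console.log(report(SAMPLE_LOCK_V1));
```

Run it against a real project by replacing the sample objects with the parsed contents of its package-lock.json; the same walk works for the lockfiles npm ci consumes in CI, which is where a compromised nested copy usually hides.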