Axios malicious package: what developers and defenders should check
What the Axios malicious package contained, how it was published, and how teams can check GitHub, Intune, CrowdStrike, and Jamf.

Articles tagged with #npm

1. Introduction: The Attack of the Code Worm Imagine building a project with a set of Lego bricks, but one of the bricks is secretly malicious. Not only is it a bad piece, but it also has the ability to copy itself and sneak into all the other Lego s...

In a startling turn of events, the widely used Nx build system fell victim to a sophisticated supply chain attack. On August 26, 2025, malicious versions of the Nx packages were published to the npm registry, compromising the systems of potentially t...

Software supply chain attacks are becoming increasingly common, posing significant risks to entire ecosystems. Detecting, analyzing, and mitigating these threats is crucial for security researchers and engineers. This guide explores how to use Verdac...

Simple Instructions for Publishing Your Initial NPM Package
