The JFrog Security Research team identified and quickly disclosed new npm malicious packages aimed at compromising leading industrial organizations
When code with millions of downloads nukes user files, bad things can happen.
In what's an act of deliberate sabotage, the developer behind the popular "node-ipc" NPM package shipped a new tampered version to condemn Russia's invasion of Ukraine, raising concerns about security in the open-source and the software supply chain.
