Typosquatt alert ! Malicious npm Package: nyc-config
Possible typosquatting against @istanbuljs/load-nyc-config with ~25M weekly downloads.
Tag: malware
Malicious npm Packages using Burp Collaborator for Dependency Confusion Attack
Multiple npm packages impersonating popular package names were published to the npm registry including by a Snyk researcher apparently targeting internal packages at Cursor AI.
npm - The Playground for Malicious Packages
Multiple npm packages impersonating popular package names are being used to distribute malware. We take a closer look at the campaign.
Malicious Open Source Library Analysis: llm-oracle and its Payload
Malware hidden in open source library packages are real. In this article, we analyse the malicious npm package llm-oracle.
