Researchers at ReversingLabs discovered a malicious npm package masquerading as the Material Tailwind library. Their finding highlights a new trend for threat actors to install malicious code ...

Microsoft said its Visual Studio Code 1.7 release overloaded the npmjs.org JavaScript package management service for Node.js, forcing a version rollback to 1.6.1.

Hundreds of code libraries posted to NPM try to install malware on dev machines These are not the the developer tools you think they are.