Hackers are exploiting Ethereum smart contracts to inject malware into popular NPM coding libraries, using packages to run ...

Hackers are using Ethereum smart contracts to conceal malware payloads inside seemingly benign npm packages, a tactic that ...

Security researchers found malware packages using the Ethereum blockchain to conceal malicious commands on GitHub repos.

Hackers use Ethereum smart contracts to hide malware in NPM packages, launching a stealthy crypto-themed supply chain attack.

Attacks on the NX build system and React packages highlight escalating threats to enterprise software development pipelines.

The popular Nx build system, boasting 4 million downloads each week, was exploited in the first supply chain breach to use AI ...

Unsecured platforms can be susceptible to malicious actors inserting harmful packages to exploit unsuspecting users.

On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 ...

Two malicious NPM packages posing as WhatsApp development tools have been discovered deploying destructive data-wiping code that recursively deletes files on a developer's computers.

A widely used Node.js utility called fast-glob is being maintained by a single Russian developer, prompting debate about the risks of solo maintainers and potential geopolitical influence.

Beyond the usual quick tips, let's look at both the business case and the technical side of keeping React bundles lean.