Qix is an open source maintainer account that was compromised by a phishing attack. This allowed attackers to infect 18 popular npm packages with malicious code. Together, these packages are ...

In a supply chain attack, attackers injected malware into NPM packages with over 2.6 billion weekly downloads after ...

On September 8, 2025, a single phishing email triggered one of npm’s most damaging supply chain attacks, compromising 18 ...

What could have been a historic supply chain attack seems to have been averted due to the rapid response of the open source ...

An escalating npm supply chain attack has compromised dozens of foundational JavaScript packages to spread malware and drain ...

Selenium IDE: This is like a beginner’s friend. It’s a browser extension, often for Firefox, that lets you record your ...