Published on: 2025-06-17 17:37:41
60 packages have been discovered in the NPM index that attempt to collect sensitive host and network data and send it to a Discord webhook controlled by the threat actor. According to Socket’s Threat Research team, the packages were uploaded to the NPM repository starting May 12 from three publisher accounts. Each of the malicious packages contains a post-install script that automatically executes during ‘npm install’ and collects the following information: Hostname Internal IP address User
Keywords: data npm packages socket threat
Find related items on AmazonPublished on: 2025-06-25 00:55:25
Astra 🚀 Fast, reliable and easy-to-use js-to-exe compiler. Docs | npm | GitHub Why Astra? Astra is (probably) the best compiler available on npm. Average exe is ~70-80MB (depends on your code) so it's lighter than most compilers It's aiming to compile servers (express, fastify) or CLIs (commander) so it's not replacement of electron. For now it only compiles windows applications. (working on macOS and linux) Features Esthetic CLI - With signale, inquirer and chalk, Astra provides a grea
Keywords: astra cli executable npm yarn
Find related items on AmazonPublished on: 2025-07-02 01:31:47
A malicious package in the Node Package Manager index uses invisible Unicode characters to hide malicious code and Google Calendar links to host the URL for the command-and-control location. The package, named os-info-checker-es6, appears as an information utility and has been downloaded more than 1,000 times since the beginning of the month. Researchers at Veracode, a code security assessment company, found that the first version of the package was added to the Node Package Manager (NPM) inde
Keywords: final npm package payload veracode
Find related items on AmazonPublished on: 2025-08-17 15:24:50
OpenAI Codex CLI Lightweight coding agent that runs in your terminal npm i -g @openai/codex Quickstart Install globally: npm install -g @openai/codex Next, set your OpenAI API key as an environment variable: export OPENAI_API_KEY= " your-api-key-here " Note: This command sets the key only for your current terminal session. To make it permanent, add the export line to your shell's configuration file (e.g., ~/.zshrc ). Run interactively: codex Or, run with a prompt as input (and optiona
Keywords: codex git npm openai run
Find related items on AmazonPublished on: 2025-09-10 13:19:28
EDIT: Back online?! NPM discussion: https://github.com/npm/cli/issues/8203 NPM incident: https://status.npmjs.org/incidents/hdtkrsqp134s Cloudflare messaging: https://www.cloudflarestatus.com/incidents/gshczn1wxh74 GitHub issue: https://github.com/sindresorhus/camelcase/issues/114 Anyone experiencing npm outage that's more than just the referenced camelcase package?
Keywords: com github https incidents npm
Find related items on AmazonPublished on: 2025-09-12 00:19:28
EDIT: Back online?! NPM discussion: https://github.com/npm/cli/issues/8203 NPM incident: https://status.npmjs.org/incidents/hdtkrsqp134s Cloudflare messaging: https://www.cloudflarestatus.com/incidents/gshczn1wxh74 GitHub issue: https://github.com/sindresorhus/camelcase/issues/114 Anyone experiencing npm outage that's more than just the referenced camelcase package?
Keywords: com github https incidents npm
Find related items on AmazonPublished on: 2025-09-18 05:22:41
Ten npm packages were suddenly updated with malicious code yesterday to steal environment variables and other sensitive data from developers' systems. The campaign targeted multiple cryptocurrency-related packages, and the popular 'country-currency-map' package was downloaded thousands of times a week. The malicious code was discovered by Sonatype researcher Ali ElShakankiry and is found in two heavily obfuscated scripts, "/scripts/launch.js" and "/scripts/diagnostic-report.js," which execute
Keywords: downloads malicious npm packages version
Find related items on AmazonPublished on: 2025-09-20 20:53:47
Unlike some other public repositories, the npm package repository is never really quiet. And, while there has been some decline in malware numbers between 2023 and 2024, this year's numbers don’t seem to continue that downward trend. Still, while RL has detected some interesting npm malware so far this year, none of it warranted a detailed writeup. Then March rolled around, and two very interesting packages were published on npm: ethers-provider2 and ethers-providerz. These were simple downlo
Keywords: ethers malicious npm package provider2
Find related items on AmazonPublished on: 2025-09-21 21:00:00
Two malicious packages were discovered on npm (Node package manager) that covertly patch legitimate, locally installed packages to inject a persistent reverse shell backdoor. This way, even if the victim removes the malicious packages, the backdoor remains on their system. The new tactic was discovered by researchers at Reversing Labs, who warned about the risk it entails, even if the packages weren't downloaded in large numbers. "It's not unusual to encounter downloaders on npm; they are may
Keywords: ethers legitimate npm package packages
Find related items on AmazonPublished on: 2025-10-01 01:47:31
What is Package Phobia? Package Phobia reports the size of an npm package before you install it. This is useful for inspecting potential dependencies or devDependencies without using up precious disk space or waiting minutes for npm install . What is "publish size" vs "install size"? The "publish size" is the size of the source code published to npm. This number is easy to detect and is typically very small. The "install size" is the size your hard drive will report after running npm instal
Keywords: dependencies install npm package size
Find related items on AmazonPublished on: 2025-10-14 08:08:43
Peer-to-peer file transfers in your browser Cooked up by Alex Kern & Neeraj Baid while eating Sliver @ UC Berkeley. Using WebRTC, FilePizza eliminates the initial upload step required by other web-based file sharing services. Because data is never stored in an intermediary server, the transfer is fast, private, and secure. A hosted instance of FilePizza is available at file.pizza. What's new with FilePizza v2 A new UI with dark mode support, now built on modern browser technologies. Works
Keywords: browser file filepizza files pnpm
Find related items on AmazonGo K’awiil is a project by nerdhub.co that curates technology news from a variety of trusted sources. We built this site because, although news aggregation is incredibly useful, many platforms are cluttered with intrusive ads and heavy JavaScript that can make mobile browsing a hassle. By hand-selecting our favorite tech news outlets, we’ve created a cleaner, more mobile-friendly experience.
Your privacy is important to us. Go K’awiil does not use analytics tools such as Facebook Pixel or Google Analytics. The only tracking occurs through affiliate links to amazon.com, which are tagged with our Amazon affiliate code, helping us earn a small commission.
We are not currently offering ad space. However, if you’re interested in advertising with us, please get in touch at [email protected] and we’ll be happy to review your submission.