"How Threat Actors Are Using npm to Launch Attacks"

A report released by WhiteSource details malicious activity discovered in npm, a popular JavaScript package manager widely used among developers. The report is based on findings from over 1,300 malicious npm packages identified in 2021. JavaScript remains the most commonly used programming language, as millions of developers worldwide rely on its speed, robust documentation, and interoperability with other programming languages. However, the popularity of JavaScript has made it attractive to threat actors. Attackers are increasingly targeting JavaScript's open-source package managers and package registries. npm is the most widely used of these, with more than 1.8 million active packages. WhiteSource tracked an average of 32,000 new npm packages published every month in 2021. This level of activity allowed threat actors to carry out software supply chain attacks, cryptojacking, and data theft, and to publish packages that falsely claim to be designed for security research but contain malicious code. This article continues to discuss the use of npm to launch a number of different attacks.

Help Net Security reports "How Threat Actors Are Using npm to Launch Attacks"

 

 
