InfoWorld

GitHub finally pulls the plug on automatic install script execution for npm

The change, expected in July, will likely block one of the more common attack vectors; developers are wondering what took ...

GitHub announces npm security changes to tackle supply-chain attacks

GitHub has announced that npm v12, expected next month, will introduce several security-focused changes aimed at blocking ...

npm tackles its riskiest security issues

With npm v12, GitHub closes a central attack vector: installation scripts from dependencies will only run after explicit ...
Dark Reading

FileFix Attack Chain Enables Malicious Script Execution

A security researcher has discovered a FileFix attack chain that allows a threat actor to execute malicious scripts while bypassing the Mark of the Web (MoTW) protection in Windows. ClickFix is a ...