Npm is a topic tracked in our intelligence system with 5 linked articles.
DepsGuard is an active open-source Rust tool that hardens npm/pnpm/yarn/bun/uv configs via an interactive UI with backups and restore, backed by recent updates and a security-focused feature set.
The official Red Hat npm channel was compromised, enabling a credential-stealing worm that affected over 30 packages and exposed CI/CD credentials; Red Hat reports no customer impact so far.
Red Hat Cloud Services npm packages were compromised with malicious releases; a long list of affected packages and versions is disclosed, signaling a supply-chain security incident.
npm adds staged publishing (GA) and new install-time allow flags, enforcing explicit approvals and explicit source allowlists, with versioned requirements and a future default change for git sources.
A headline reports 314 npm packages compromised, signaling notable software supply-chain risk, though the report offers limited detail.
AI advances are shifting the software stack away from Python toward Rust/Go and related tooling, with measurable gains in performance, cost, and ecosystem momentum.