News

Bleeping Computer2y
npm packages caught serving TurkoRAT binaries that mimic NodeJS
Researchers have discovered multiple npm packages named after NodeJS libraries that even pack a Windows executable that resembles NodeJS but instead drops a sinister trojan.
TWCN Tech News9mon
NPM is not recognized as an internal or external command
Why is my Terminal not recognizing npm? Terminal is not recognizing npm as an internal or external command because the path is not added in the Environment Variable section. You can modify or add ...
GitHub1d
GitHub - nodejs/node-gyp: Node.js native addon build tool
node-gyp is a cross-platform command-line tool written in Node.js for compiling native addon modules for Node.js. It contains a vendored copy of the gyp-next project that was previously used by the ...
GitHub5mon
GitHub - nodejs/full-icu-npm: convenience loader for 'small-icu' node ...
Importing this package does not have any useful effect, see below. Originally, Node.js did not come with information for all of the world’s languages. The default build mode was “small-icu” which ...
Bleeping Computer4y
NPM nukes NodeJS malware opening Windows, Linux reverse shells
NPM has removed multiple packages hosted on its repository this week that established connection to remote servers and exfiltrated user data. These 4 packages had collected over 1,000 total ...
The Hacker News2y
Developer Alert: NPM Packages for Node.js Hiding Dangerous TurkoRat Malware
Two malicious packages discovered in the npm package repository have been found to conceal an open source information stealer malware called TurkoRat. The packages – named nodejs-encrypt-agent and ...