#npmPackages – Xynik

Malicious npm Packages Mimicking ‘noblox.js’ Compromise Roblox Developers’ Systems

September 2, 2024 by Xynik

September 2, 2024 at 12:24AM Developers of Roblox are being targeted by a persistent campaign that uses fake npm packages to compromise systems, mimicking the popular ‘noblox.js’ library. Attackers employ brandjacking and starjacking to give a facade of legitimacy. Malicious packages steal data and deploy malware, with the end goal being to deploy Quasar RAT … Read more

‘everything’ blocks devs from removing their own npm packages

January 4, 2024 by Xynik

January 4, 2024 at 04:56AM The npm package registry was flooded with over 3,000 packages during the holidays, leading to the creation of the “everything” package. Installing “everything” results in the download of every npm package, causing storage and performance issues. Authors are unable to remove their packages due to its dependency chain, which has … Read more