The Hacker News

npm’s Update to Harden Their Supply Chain, and Points to Consider

In short, npm has taken an important step forward by eliminating permanent tokens and improving defaults. Until short-lived, identity-bound credentials become the norm — and MFA bypass is no longer ...
InfoWorld

Beyond NPM: What you need to know about JSR

Here's how the JavaScript Registry evolves makes building, sharing, and using JavaScript packages simpler and more secure ...
GitHub

[email protected] on npm missing dependency 'undici' (ERR_MODULE_NOT_FOUND)

Repro (Linux, Node v22.20.0, npm 10.9.3):\n\n1) npm i -g [email protected]\n2) clawdhub search "calendar"\n\nResult:\n\nError [ERR_MODULE_NOT_FOUND]: Cannot find package ...
GitHub

DataDog/guarddog: GuardDog is a CLI tool to Identify malicious PyPI packages

GuardDog is a CLI tool that allows to identify malicious PyPI and npm packages, Go modules, RubyGems, GitHub actions, or VSCode extensions. It runs a set of heuristics on the package source code ...