BBC

Solving the problem with NPM Link and React Hooks

React Hooks are a welcome addition to React 16.8, but come with a significant drawback for local development when NPM Link is also being used. In iPlayer Web, we’ve come up with a workaround! Read on ...
Bleeping Computer

Popular 'coa' NPM library hijacked to steal user passwords

Popular npm library 'coa' was hijacked today with malicious code injected into it, ephemerally impacting React pipelines around the world. The 'coa' library, short for Command-Option-Argument, ...
ZDNet

Hacking 20 high-profile dev accounts could compromise half of the npm ecosystem

The npm ecosystem of JavaScript libraries is more interwoven than most developers think, and the entire thing is a gigantic house of cards, being one bad hack away from compromising hundreds of ...
Bleeping Computer

npm 'accidentally' removes Stylus package, breaks builds and pipelines

npm has taken down all versions of the real Stylus library and replaced them with a "security holding" page, breaking pipelines and builds worldwide that rely on the package. A security placeholder ...
CSOonline

Malicious packages in npm evade dependency detection through invisible URL links: Report

Threat actors are finding new ways to insert invisible code or links into open source code to evade detection of software supply chain attacks. The latest example was found by researchers at ...
BBC

Solving the problem with NPM Link and React Hooks

React Hooks, external are a new(-ish) way of using state and other React features without writing a class, and in general, keeping code much simpler to understand and share. In iPlayer Web, we have ...