Malicious backdoored NPM package masqueraded as Twilio library for three days until it was turfed out
Dodgy JavaScript code downloaded hundreds of times
03 Nov 2020
Articles about Npm
Now GitHub has gulped down NPM Inc, what's next for the JS package registry? Well, some stability will be nice
CTO Ahmad Nassri announces intention to bow out
16 Apr 2020
Are we having fund yet, npm? CTO calls for patience after devs complain promised donations platform has stalled
Funding free software is 'still a very unsolved problem' says co-founder
22 Feb 2020
No big deal, Rogers, your internal source code and keys are only on the open web. Don't hurry to take it down
Updated 'Closed source' blueprints available for all to gawp at – and potentially exploit
24 Jan 2020
NPM swats path traversal bug that lets evil packages modify, steal files. That's bad for JavaScript crypto-wallets
Trio of vulnerabilities made registry full of uncertain code even more of a risk
13 Dec 2019
NPM today stands for Now Pay Me: JavaScript packaging biz debuts conduit for funding open-source coders
Like a particular module? You're one command away from being able to donate some dosh for it
06 Nov 2019
Hey, NPM. How do you like your Bogensberger? He's, well, done: CEO Bryan ejects from biz
JavaScript packager seeks new boss amid internal friction, firings, unionization attempts
20 Sep 2019
After banning adverts in command-line terminals, NPM floats idea of Patreon-style donations to open-source devs
Cash-burning biz sees itself following in the footsteps of GitHub Sponsors
04 Sep 2019
NPM Inc settles union-busting complaints on third try – after CEO trolled for ordering internal mole hunt
Stuffed mole toys arrive at JavaScript biz after chief exec demands to know who was talking to El Reg
02 Jul 2019
settlement.js not found: JavaScript package biz NPM scraps talks, fights union-busting claims
Special report CEO speaks to The Reg as we dig into labor complaints, future of npm CLI
14 Jun 2019
NPM is Not Particularly Magnanimous? Staff fired after trying to unionize – complaints
Special report Plus: Employee diversity, harassment brouhahas within Microsoft, Google
22 Apr 2019
NPM apologizes for ham-fisted handling of recent staff layoffs
Sorry song fails to quell online discontent, rumors swirl of competition ahead
11 Apr 2019
NPM not tied in knots over Yarn rival project
Parallel projects just happen when the future is obvious
15 Sep 2018
One-in-two JavaScript project audits by NPM tools sniff out at least one vulnerability...
...and those devs are then applying patches, we hope
22 Aug 2018
Now Pushing Malware: NPM package dev logins slurped by hacked tool popular with coders
Updated Tokens killed after eslint-scope utility compromised
12 Jul 2018
Unlucky Linux boxes trampled by NPM code update, patch zapped
Devs stumble into pre-release beta by using command they didn't understand
23 Feb 2018
Wondering where your JavaScript libs went? Spam-detection snafu exiled npm packages
Postmortem sheds light on brief dependency hell
11 Jan 2018
npm adds two-factor auth, security tokens in wake of JS typo attack
Let's make sure that code you're pulling in is legit code, not some scumbag's library
05 Oct 2017
Create a news alert about Npm, or find more stories about Npm.
