News

The node-ipc developer's attempt to protest Russia's attack on Ukraine has the unintended consequence of casting more doubt on software supply chain integrity.
Most JavaScript developers are familiar with the npm package manager, which was originally developed by Isaac Schlueter. What many probably don't know is ...
NPM compatibility in the Deno JavaScript/TypeScript runtime has reached the stable stage, meaning developers leveraging Deno now can import more than 1.3 million NPM modules.
In the latest software supply-chain attack, the code maintainer added malicious code to the hugely popular node-ipc library to replace files with a heart emoji and a peacenotwar module.
The left-pad module on NPM was eventually “un-unpublished” and assigned to a new owner (developer Cameron Westlake). Dependent projects once again became installable.
Snyk said hardly anyone downloaded the npm package until it was added as a dependency by Miller to the node-ipc module as of versions 9.2.2 and 11.0.0.