本文最初发布于 RedMonk。 最近，JavaScript 软件包管理领域发生了重大变化。虽然 npm 仍是 Node.js 运行时环境中使用的 JavaScript 软件包注册中心和管理器，但值得讨论的是，对于 JavaScript 代码交付这个更大的问题，这些变化有什么影响。具体来说，我想到了最近出现 ...

Microsoft is acquiring Node package manager npm Inc., officials announced on March 16. (Neither company is sharing the purchase price.) Microsoft plans to integrate GitHub with npm with the intent of ...

Is the public NPM JavaScript package registry going away? NPM, the company behind the popular online repository of Node.js and JavaScript code, insists it will remain, despite a recent rumor to the ...

OAKLAND, Calif.--(BUSINESS WIRE)--npm, Inc., the JavaScript developer tools provider and operator of the world’s largest software registry, today announced a significant upgrade to npm Enterprise, its ...

Here's how the JavaScript Registry evolves makes building, sharing, and using JavaScript packages simpler and more secure ...

OAKLAND, Calif.--(BUSINESS WIRE)--npm, Inc., the open source JavaScript developer tools provider and operator of the world’s largest software registry, today announced npm Pro, the first professional ...

Tens of thousands of developers using weak credentials to secure their npm accounts inadvertently put more than half of the npm packages (JavaScript libraries and tools) at risk of getting hijacked ...

The NPM JavaScript registry has experienced a jump in malware, including packages related to data theft, crypto mining, botnets, and remote code execution, according to security company WhiteSource.

轻量级 JavaScript 实用工具库 "is" 是 NPM 平台上的热门项目，每周下载量超过 220 万次。然而在 2025 年 7 月 19 日，该库开发者遭遇钓鱼攻击导致账户凭证泄露，攻击者借此发布了包含远程代码执行后门的恶意版本。 钓鱼攻击入侵开发者账户 据报告，项目维护者 John ...

这一警告来自Koi Security的Oren Yomtov，他在周一的博客中披露了在多个包管理器中发现的六个零日漏洞，这些漏洞可能允许黑客绕过去年11月Shai-Hulud攻击npm并破坏超过700个包后推荐的防护措施。