Technology ❯ Cybersecurity ❯ Software Vulnerabilities

NPM Security

Remote Dynamic Dependencies

Researchers Uncover 'PhantomRaven' Campaign Flooding npm With 126 Credential-Stealing Packages

Researchers say attackers exploited npm's remote dynamic dependencies to hide install-time payloads that steal developer credentials.