Another malicious library has been spotted in the JavaScript-oriented NPM registry, underscoring the continued fragility of today’s software supply chain. Like other software package registries – repositories of code libraries for specific tasks – NPM, which was acquired last year by Microsoft’s GitHub, has proven to be an effective mechanism for spreading malicious software.

Read full article on The Register