Search Results
Malicious PyPI, npm, and Ruby Packages Exposed in Ongoing Open-Source Supply Chain Attacks
NPM command confusion
Malicious NPM Package Exploits React Native Documentation Example
Dozens of Machines Infected: Year-Long NPM Supply Chain Attack Combines Crypto Mining and Data Theft
With 2FA Enabled: NPM Package lottie-player Taken Over by Attackers
Year-Long Campaign of Malicious npm Packages Targeting Roblox Users
When “Everything” Goes Wrong: NPM Dependency-Hell Campaign – 2024 Edition
NPM Account Takeover Results in Crypto Supply Chain Attack
A new, stealthier type of Typosquatting attack spotted targeting NPM
How NPM Packages Were Used to Spread Phishing Links