npm
Trial · Tools
A package manager for JavaScript and Node.js dependencies.
Why it's here
Placed in Trial: 4 article(s) of evidence from 4 source(s), led by framework updates, with 2 in the last 30 days. Confidence 66%.
Evidence (4)
- 8 · The New Stack · 6/11/2026 · security · Chainguard flags greyware in open-source packages
Chainguard says its new source code scanner is detecting not only malware but also “greyware” in public registries, meaning packages that behave as advertised while also including harmful capabilities. The company says it has scanned over 100,000 packages per day and blocked more than 52,000 packages identified as malware or greyware, with examples on npm involving credential theft, token exfiltration, and persistent backdoors.
- 7 · Hacker News · 6/9/2026 · framework_update · Upcoming breaking changes in npm v12
GitHub has announced upcoming breaking changes for npm v12, signaling updates that may require maintainers to adjust publishing and package-management workflows. The notice is aimed at developers and package authors who rely on npm, with details focused on compatibility changes rather than new features.
- 8 · OpenAI Blog · 5/13/2026 · security · OpenAI responds to the TanStack npm supply chain attack
OpenAI says it responded to the TanStack “Mini Shai-Hulud” npm supply chain attack by securing systems and signing certificates, and by reviewing what was affected. The company also says macOS users must update OpenAI apps by June 12, 2026 to stay protected as it strengthens defenses against future supply chain threats.
- 5 · Hugging Face Blog · 2/9/2026 · framework_update · Transformers.js v4 Lands on NPM
Hugging Face announced Transformers.js v4, making the JavaScript library available on NPM. The release expands access for developers building machine learning and AI features in browser and Node.js environments.