In short, npm has taken an important step forward by eliminating permanent tokens and improving defaults. Until short-lived, identity-bound credentials become the norm — and MFA bypass is no longer ...
Repro (Linux, Node v22.20.0, npm 10.9.3):

1) npm i -g clawdhub@0.3.0
2) clawdhub search "calendar"

Result:

Error [ERR_MODULE_NOT_FOUND]: Cannot find package ...
GuardDog is a CLI tool that allows you to identify malicious PyPI and npm packages, Go modules, RubyGems, GitHub Actions, or VSCode extensions. It runs a set of heuristics on the package source code ...