「 Between January and July, cybersecurity firm Sonatype said it blocked 234 malicious packages uploaded to the widely used npm and PyPI code repositories and linked to the campaign. The packages, which impersonated legitimate developer tools, were designed to steal credentials, profile victims’ devices and plant backdoors. The researchers estimate the campaign may have impacted more than 36,000 developers. 」

https://therecord.media/north-korean-hackers-targeting-open-source-repositories

#hacking #npm #pypi #opensource

Introducing #Upyo!

A simple, cross-runtime email library that works seamlessly on #Deno, #Node.js, #Bun, and edge functions. Zero dependencies, unified API, and excellent testability with built-in mock transport.

Switch between #SMTP, #Mailgun, #SendGrid without changing your code. Available on #JSR & #npm!

https://upyo.org/