Install GitHub App 
Typosquatt alert ! Malicious npm Package: nyc-config
Possible typosquatting against @istanbuljs/load-nyc-config with ~25M weekly downloads.
Tag: npm
npm - The Playground for Malicious Packages
Multiple npm packages impersonating popular package names are being used to distribute malware. We take a closer look at the campaign.
Malicious npm Packages using Burp Collaborator for Dependency Confusion Attack
Multiple npm packages impersonating popular package names were published to the npm registry including by a Snyk researcher apparently targeting internal packages at Cursor AI.
