VentureBeat

Facebook open-sources Yarn, a JavaScript package manager

Facebook today is open-sourcing Yarn, a package manager for efficiently installing JavaScript packages that represent dependencies for applications. Yarn is available now on GitHub under a ...

PhantomRaven attack floods npm with credential-stealing packages

An active campaign named 'PhantomRaven' is targeting developers with dozens of malicious npm packages that steal ...
The Next Web

Facebook launches Yarn, a JavaScript package manager built for speed

Facebook has launched Yarn, an open source JavaScript package manager that promises faster and more reliable installs than the massively popular npm. The company says its new creation is capable of ...
Ars Technica

Hundreds of code libraries posted to NPM try to install malware on dev machines

An ongoing attack is uploading hundreds of malicious packages to the open source node package manager (NPM) repository in an attempt to infect the devices of developers who rely on code libraries ...

Dangerous npm packages are targeting developer credentials on Windows, Linux and Mac - here's what we know

Ten typosquatted npm packages delivered infostealing malware to nearly 10,000 systemsMalware targeted system keyrings, bypassing app-level security to steal decrypted credentialsAffected users must ...
InfoWorld

Facebook spins Yarn to replace NPM packager

The company built Yarn out of a desire for a faster, more secure version of the NPM JavaScript package manager Tackling issues with the venerable NPM JavaScript package manager, Facebook is ...
TechCrunch

Facebook partners with Google, others to launch a new JavaScript package manager

Facebook today launched Yarn, a new package manager for JavaScript. If you’ve every worked with JavaScript and Node.js, chances are that you’ve used the npm package manager to find and reuse existing ...