Three popular npm packages, @rspack/core, @rspack/cli, and Vant, were compromised through stolen npm account tokens, allowing threat actors to publish malicious versions that installed cryptominers.
There have been a handful of times when I thought it would be nice to publish a JavaScript library on npm. It was either a small library I kept using in different projects or a command-line tool I ...